Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Installation and Management
Safeguard Administrator’s Manual—523317-013
10-6
Including the Safeguard Software in the OSIMAGE
File (D-Series RVUs)
SAVEABEND OFF, &
STARTMODE KERNEL or SYSTEM, &
STARTUPMSG "<BCKP-CPU>", &
STOPMODE STANDARD, &
TYPE OTHER, &
USERID SUPER.SUPER
Regarding the attribute values shown in the example:
•
The values for NAME, PRIORITY, SAVEABEND, PROGRAM, STARTUPMSG,
STOPMODE, TYPE, and USERID must be entered as shown.
•
The values shown for AUTORESTART, BACKUPCPU, EXTSWAP,
DEFAULTVOLUME, HIGHPIN, HOMETERM, OUTFILE, and PRIMARYCPU are
recommended.
•
The subvolume specified for EXTSWAP should be on the same processor pair as
PRIMARYCPU and BACKUPCPU.
•
If $SYSTEM.SYSTEM.OSMP is specified for PROGRAM, the OSMP program file
in the current SYSnn subvolume is used.
•
For OUTFILE and HOMETERM, $ZHOME is a good choice if $VHS is unavailable.
•
For STARTMODE, specify KERNEL if you want the Safeguard software to start
early in the system load process. Specify SYSTEM if you want it to start at the end
of the system load.
For more information about the SCF ADD command, see the SCF Reference Manual
for the Kernel Subsystem.
If you need to stop the Safeguard software when it is installed in this manner, you must
first execute an SCF ABORT command. Then you can use the SAFECOM STOP
command. To restart the Safeguard software, use the SCF START command.
Including the Safeguard Software in the OSIMAGE File (D-Series
RVUs)
To configure the Safeguard software in your CONFTEXT file, you must add the
Safeguard files OSMP and OSMON to the SYSTEM_PROCESS_CODE_FILES entry
of the ALLPROCESSORS paragraph. The entry should contain these definitions:
SYSTEM_PROCESS_CODE_FILES $dsv-vol.ZSAFEGRD.OSMON,
$dsv-vol.ZSAFEGRD.OSMP,
TANDEM^PROCESS^CODE^FILES;
where $dsv-vol is the name of the volume containing the ZSAFEGRD DSV.
If the Safeguard subsystem is included in the OSIMAGE file, it is started automatically
when the system is loaded, and it cannot be stopped without stopping the system.
If you include the Safeguard software in the OSIMAGE file or start the Safeguard
software as part of the CIIN file, you should keep another OSIMAGE file in a backup
SYSnn subvolume on $SYSTEM. This OSIMAGE file should not include either the