Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Index
Safeguard Administrator’s Manual—523317-013
Index-2
D
Changing the owner of a user record 2-15
CIIN file 10-6, 10-7
CI-CPU attribute 2-6
CI-LIB attribute 2-6
CI-NAME attribute 2-6
CI-PARAM-TEXT attribute 2-6
CI-PRI attribute 2-6
CI-PROG attribute 2-6
CI-PROG Safeguard attribute 9-19
CI-SWAP attribute 2-6
CMON attribute 9-20
Command interpreter specification
for a terminal 7-2
for a user 2-36
for Safeguard configuration 9-19
precedence 7-2
Command syntax (SAFECOM) A-3
Commands
for device security 4-1
for network users 2-27
for OBJECTTYPE control 5-3
for Safeguard management 10-4
for user security 2-10
for volume security 4-1
Components of Safeguard 10-1
Configuration attributes
default values 9-2
for client auditing 9-18
for default command interpreter 9-19
for device control 9-9
for disk file control 9-11
for logon dialog 9-20
for node specific subjects 9-22
for password control 9-5
for persistence 9-22
for process control 9-10
for systemwide auditing of all
objects 9-17
for systemwide device auditing 9-15
for systemwide disk-file auditing 9-16
Configuration attributes (continued)
for systemwide process auditing 9-16
for systemwide user auditing 9-14
for terminal exclusive access 9-21
for user authentication 9-4
for warning mode 9-21
for $CMON communication 9-20
CONFTEXT file 10-5, 10-6
Console messages 10-13
Controlling aliases as an object type 5-4
Controlling an entire object type 5-3
Controlling groups as an object type 5-4
Controlling logon dialog 7-2
Controlling users as an object type 5-4
Controlling who can add an object type 5-5
D
Database 10-1
Default protection for disk files 2-6
default access control list 2-34
default auditing 2-35
default ownership 2-35
eliminating 2-36
Guardian 2-37
specifying 2-33
DEFAULT-PROTECTION attribute 2-6,
2-33
Defining security groups 6-1
Defining user groups 2-4, 3-1
DELETE DEVICE command 4-1
DELETE GROUP command 3-5
DELETE OBJECTTYPE command 5-3
DELETE TERMINAL command 7-5
DELETE USER command 2-10, 2-25
DELETE VOLUME command 4-1
Deleting user groups 2-25
Deleting users 2-25
DELUSER program 2-27, 10-9