Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Index
Safeguard Administrator’s Manual—523317-013
Index-6
T
Specifying auditing for a user ID 2-24
Standard security programs 2-27
START SAFEGUARD command 10-4
Starting the SMP 10-7
STOP SAFEGUARD command 6-1, 10-4
Subdevices
adding to the Safeguard database 4-4
valid ACCESS authorities 4-4
Subject database 10-1
Super ID
denial of authorities 5-4
restricting authority 1-2
undeniable 10-5
Systemwide auditing
for all objects 9-17
for devices 9-15
for disk files 9-16
for processes 9-16
for subvolumes 9-16
for user-authentication 9-14
for volumes 9-16
supplementing individual settings 9-13
SYSTEM-OPERATOR group 6-1
T
Temporary access to system 2-16
TERMINAL commands 2-2, 7-1, 7-2
TERMINAL-EXCLUSIVE-ACCESS
attribute 9-21
TEXT-DESCRIPTION attribute 2-8
THAW DEVICE command 4-1
THAW OBJECTTYPE command 5-3
THAW SECURITY-GROUP command 6-6
THAW TERMINAL command 7-5
THAW USER command 2-10, 2-24
THAW VOLUME command 4-1
U
UNNAMED process protection
records 9-11
Updating the Safeguard software 10-9
User alias
adding 2-39
altering 2-40
defined 2-39
User community, establishing 2-4
User groups
administrative 2-4, 3-1
defining 2-4
deleting 2-25
file sharing 3-1
User name at logon 9-20
User security commands 2-10
Users
adding 2-5
as an object type 5-4
deleting 2-25
establishing network users 2-27
freezing 2-23
removing deleted 2-25
setting password expiration 2-20
temporary 2-16
thawing 2-23
transferring ownership 2-15
USER-EXPIRES
attribute 2-6
date 2-16
USER-EXPIRES date 2-16
V
Volume security commands 4-1
Volumes
adding to the Safeguard database 4-3
valid ACCESS authorities 4-3
W
Warning mode 8-1
WARNING-MODE Safeguard attribute 9-21