Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Controlling User Access
Safeguard Administrator’s Manual—523317-013
2-8
Adding Users to the System
TEXT-DESCRIPTION
^
Specifies a string of
descriptive text to be
associated with the user
authentication record.
The default value is no
descriptive text.
BINARY-DESCRIPTION-
LENGTH
Specifies the length in bytes of
the binary description to be
associated with the user
authentication record.
The default value is 0.
REMOTEPASSWORD Sets a remote password for a
node in a network of NonStop
systems.
The default value is no
remote passwords.
However, when the
Safeguard software is
installed on an existing
system, users keep their
established remote
passwords.
DEFAULT-PROTECTION Establishes default protection
attributes for a user's disk
files. The attributes are
ACCESS, OWNER, and the
auditing attributes. DEFAULT-
PROTECTION applies to any
new files the user creates.
The default value is no
default protection. However,
if default protection is
specified for some, but not
all, of the DEFAULT-
PROTECTION attributes, the
unspecified attributes have
the following default values:
an empty access control list;
no auditing; OWNER is the
user for which DEFAULT-
PROTECTION is being
specified.
GUARDIAN DEFAULT
SECURITY
Sets the Guardian default
security string for a user. This
security string is given to any
of the user’s disk files that are
not added to Safeguard.
The default value is OOOO.
However, when the
Safeguard software is
installed on an existing
system, users keep their
established Guardian default
security.
Table 2-1. User Security Attributes and Default Attribute Values (page 3 of 5)
Attribute Description Default Value
*
The OWNER-LIST attribute is supported only on systems running G06.27 and later G-series RVUs and H06.07
and later H-series RVUs.
^
The TEXT-DESCRIPTION attribute is supported only on systems running G06.27 and later G-series RVUs and
H06.06 and later H-series RVUs.