Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Controlling User Access
Safeguard Administrator’s Manual—523317-013
2-9
Adding Users to the System
GUARDIAN DEFAULT
VOLUME
Sets the Guardian default
volume and subvolume for a
user.
The default value is
$SYSTEM.NOSUBVOL.
However, when the
Safeguard software is
installed on an existing
system, users keep their
established default volume
and subvolume.
CI-PROG Specifies the command
interpreter to be started
automatically after the user
logs on at a terminal controlled
by the Safeguard software.
The default value is no
command interpreter.
However, the CI-PROG
global configuration attribute
is set to
$SYSTEM.SYSTEM.TACL.
This value is used if no
command interpreter is
specified for the user or the
Safeguard terminal.
CI-LIB Specifies the library to be used
with the command interpreter
started after the user logs on
at a terminal controlled by the
Safeguard software.
The default value is no
library file.
CI-NAME Specifies the process name to
be given to the command
interpreter started after the
user logs on at a terminal
controlled by the Safeguard
software.
The default value is NONE.
The command interpreter is
be given a random name of
the form $Znnn.
CI-CPU Specifies the processor in
which the command
interpreter is to be started.
The default value is any
CPU.
CI-SWAP Specifies the swap volume to
be used when the command
interpreter is started after the
user logs on at a terminal
controlled by the Safeguard
software.
The default value is null.
Table 2-1. User Security Attributes and Default Attribute Values (page 4 of 5)
Attribute Description Default Value
*
The OWNER-LIST attribute is supported only on systems running G06.27 and later G-series RVUs and H06.07
and later H-series RVUs.
^
The TEXT-DESCRIPTION attribute is supported only on systems running G06.27 and later G-series RVUs and
H06.06 and later H-series RVUs.