Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Safeguard Administrator’s Manual—523317-013
4-1
4 Securing Volumes and Devices
The Safeguard User's Guide explains how to secure disk files, subvolumes, and
processes. This section describes how to secure disk volumes and devices. By default,
only super-group members can add volumes and devices to the Safeguard database.
(However, you can also define a special group of users to be responsible for volumes
and devices. To do so, use the appropriate OBJECTTYPE authorization, as described
in Section 5, OBJECTTYPE Control.) This section explains how to secure volumes and
devices.
You secure volumes and devices in generally the same manner that you secure other
objects. You use the same basic set of nine security commands—ADD, ALTER,
DELETE, INFO, SET, RESET, SHOW, FREEZE, and THAW. For example, if you want
to add a device to the Safeguard database, use the ADD DEVICE command. Table 4-1
reviews these security commands.
The access authorities for volumes are the same as those for disk files and
subvolumes. The access authorities for devices are limited to READ, WRITE, and
OWNER because other authorities are not meaningful for devices. For your
convenience, Table 4-2 on page 4-2 lists the valid access authorities for each type of
system object.
You can also use LIKE, DENY, and the minus sign (-) to control attributes of volumes
and devices in the same manner you use them with other system objects. And you can
specify auditing in the same manner that you would specify it for other objects.
Table 4-1. Security Commands for Volumes and Devices
Command Description
SET Establishes default values for the volume or device security attributes. When a
volume or device is added to the system, these default values are used for any
attributes not specified with the ADD command.
SHOW Displays the current values of the default security attributes for volumes or
devices.
ADD Adds a volume or device to the Safeguard database by creating an object
authorization record for it.
RESET Resets the value of one or more default security attributes to predefined
values.
INFO Displays the current values of the security attributes defined for a volume or
device.
ALTER Changes one or more security attributes in the authorization record for a
volume or device.
FREEZE Suspends access authority to a volume or device.
THAW Restores access authority to a frozen volume or device.
DELETE Removes a volume or device from the Safeguard database by deleting the
object authorization record.