Safeguard Administrator's Manual (G06.24+, H06.03+)

Warning Mode
Safeguard Administrator’s Manual—523317-013
8-2
Considerations for Disk Files and Processes

Because disk files and processes have Guardian security associated with them,
special circumstances can apply in warning mode when Safeguard protection is
bypassed. For these two types of objects, you can specify that warning mode be run
with a fallback option. The fallback option is controlled by a Safeguard global
configuration attribute that can be set to either GUARDIAN or GRANT.

The GUARDIAN setting invokes Guardian security rulings when Safeguard protection
that denies access has been bypassed in warning mode. The fallback option allows
you to test the Safeguard security settings while maintaining Guardian protection.

With the fallback option set to GRANT, the Safeguard software ignores the Guardian
security settings and grants the access that it would otherwise deny. This can be
useful, for example, if you know that Guardian security has not been kept current with
your security policy. This method of operation can also be useful in certain emergency
situations when routine security measures need to be suspended.

Diskfile patterns can be used to reduce administrative burden by supplying one pattern
that matches many subvolumes or filenames. For more information on diskfile patterns,
see the Safeguard User’s Guide.

Disk-File Security

In warning mode with the fallback option set to GUARDIAN, the Safeguard software
treats disk-file access attempts in the following manner. If the disk file’s access control
list does not permit the access attempt, the Safeguard software checks the Guardian
disk-file security string before granting the attempt. If the Guardian security string
grants the access, the Safeguard software allows the access and writes an audit
record with the outcome WARNING. If the security string does not grant the access,
the Safeguard software denies the access attempt. No audit record is written in this
instance unless auditing is specified for the disk file.

Table 8-2 on page 8-3 shows how the Safeguard software handles disk files in
standard mode and in warning mode with the fallback option set to GUARDIAN and
GRANT. The fallback option is meaningful only when a Safeguard protection record
exists.
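
The GUARDIAN and GRANT fallback rulings described above, modeled in Python as an added example (not code from this manual or from the Safeguard product), so you can list which ACL-denied accesses would still succeed before you enable warning mode. The function names, file names and user IDs are constructed; the model assumes a local requester and a file that has a Safeguard protection record.

```python
# Added example: warning-mode ruling for a disk file with a protection record.
OPS = "RWEP"  # Guardian security string positions: read, write, execute, purge
# Local requesters only (assumption): for them N, C, U act like A, G, O.
SCOPE = {"A": "any", "N": "any", "G": "group", "C": "group",
         "O": "owner", "U": "owner", "-": "super"}
SUPER_ID = (255, 255)

def guardian_permits(sec, op, user, owner):
    """Evaluate a Guardian security string such as 'NUNU' for a local user.
    user and owner are (group, member) pairs; group managers are not modeled."""
    scope = SCOPE[sec[OPS.index(op)]]
    return (user == SUPER_ID or scope == "any"
            or (scope == "group" and user[0] == owner[0])
            or (scope == "owner" and user == owner))

def rule(mode, fallback, acl_permits, guardian_ok):
    """Return (granted, audit). audit is 'WARNING' only where the text above
    says that record is written; None means it names no unconditional record."""
    if acl_permits:
        return True, None
    if mode == "STANDARD":
        return False, None
    if fallback == "GRANT":      # Guardian security string is ignored
        return True, None
    if guardian_ok:              # fallback GUARDIAN, string grants
        return True, "WARNING"
    return False, None           # fallback GUARDIAN, string denies

def exposure(requests, fallback):
    """Names of ACL-denied requests that warning mode still lets through."""
    out = []
    for name, sec, owner, user, op, acl_permits in requests:
        ok = guardian_permits(sec, op, user, owner)
        granted, _ = rule("WARNING", fallback, acl_permits, ok)
        if granted and not acl_permits:
            out.append(name)
    return out

# Constructed sample: (file, Guardian string, owner, requester, op, ACL permits)
SAMPLE = [
    ("$DATA.PAY.LEDGER", "OOOO", (10, 1), (20, 5), "R", False),
    ("$DATA.PAY.REPORT", "NUNU", (10, 1), (20, 5), "R", False),
    ("$DATA.PAY.CONFIG", "GO-O", (10, 1), (10, 7), "R", False),
    ("$DATA.PAY.README", "AAAA", (10, 1), (20, 5), "R", True),
]

if __name__ == "__main__":
    for fb in ("GUARDIAN", "GRANT"):
        print(fb, exposure(SAMPLE, fb))
```

With GUARDIAN, only the files whose Guardian string already opens them to the requester get through; with GRANT, every ACL denial in the sample becomes a grant.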