Safeguard Administrator's Manual (G06.24+, H06.03+)

Warning Mode
Safeguard Administrator’s Manual—523317-013
8-3
Process Stop Mode Security
Although processes do not have preexisting Guardian security, they do have stop
modes, which influence whether or not a task can be stopped by another process.
Definitions of the three stop modes follow:
• Mode 0 indicates that this process can be stopped by any other process.
• Mode 1 indicates that this process can be stopped only by the super ID, a process
  whose PAID is the same as this process’s PAID or CAID, or a process whose PAID
  is the same as the PAID or CAID of the group manager.
• Mode 2 indicates that this process cannot be stopped by any other process.
Table 8-3 on page 8-4 shows how the Safeguard software handles process stop
attempts in standard mode and in warning mode with the fallback option set to
GUARDIAN and GRANT.
If a process has stop mode 2 and the access attempt is granted, the Safeguard
software writes an audit record with the outcome of either WARNING or GRANTED.
However, the process is not actually stopped because the Guardian stop mode of 2
always takes precedence over the Safeguard ruling.
As Table 8-3 on page 8-4 shows, the single difference between the GUARDIAN and
GRANT settings of the fallback option is that the Safeguard software adheres to
Guardian rules for a process in stop mode 1 when the fallback is GUARDIAN.
Table 8-2. Warning Mode Rulings on Disk-File ACLs

| Mode | Safeguard ACL Ruling | Guardian Security | Access Result | Audit Record Generated | Outcome in Audit Record |
|---|---|---|---|---|---|
| Standard Mode | Grants | N.A. | Yes | As specified | Granted |
| Standard Mode | Denies | N.A. | No | As specified | Denied |
| Standard Mode | No record | Use Guardian | Yes/No~ | No | N.A. |
| Warning Mode Fallback Guardian | Grants | N.A. | Yes | As specified | Granted |
| Warning Mode Fallback Guardian | Denies | Grants | Yes* | Always | Warning* |
| Warning Mode Fallback Guardian | Denies | Denies | No* | As specified | Denied |
| Warning Mode Fallback Guardian | No record | Use Guardian | Yes/No~ | No | N.A. |
| Warning Mode Fallback Grant | Grants | N.A. | Yes | As specified | Granted |
| Warning Mode Fallback Grant | Denies | N.A. | Yes* | Always* | Warning* |
| Warning Mode Fallback Grant | No record | Use Guardian | Yes/No~ | No | N.A. |

* Indicates that access result is due to warning mode evaluation of the access control list.
~ Indicates that access result is determined by Guardian security string.
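
The rulings in Table 8-2, written as a decision function and applied to a few access attempts to list the ones that end with a Warning outcome. This is an added example, not code from the manual or from the Safeguard software; the names Mode, Ruling, evaluate and warned, and the sample user and file names, are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    STANDARD = "standard mode"
    WARN_GUARDIAN = "warning mode, fallback GUARDIAN"
    WARN_GRANT = "warning mode, fallback GRANT"

@dataclass(frozen=True)
class Ruling:
    access: bool          # is the disk-file access allowed?
    audit: str            # "as specified", "always" or "no"
    outcome: str          # "Granted", "Denied", "Warning" or "N.A."
    due_to_warning: bool  # True where Table 8-2 marks the access result with "*"

def evaluate(mode, acl, guardian_grants):
    """Apply Table 8-2. acl is "grants", "denies" or None (no Safeguard record);
    guardian_grants is what the Guardian security string alone would decide."""
    if acl is None:
        # No record: Guardian security decides and no audit record is written.
        return Ruling(guardian_grants, "no", "N.A.", False)
    if acl == "grants":
        return Ruling(True, "as specified", "Granted", False)
    if acl != "denies":
        raise ValueError(f"unknown ACL ruling: {acl!r}")
    if mode is Mode.STANDARD:
        return Ruling(False, "as specified", "Denied", False)
    if mode is Mode.WARN_GRANT or guardian_grants:
        # Warning mode lets the access through and always audits it.
        return Ruling(True, "always", "Warning", True)
    # Fallback GUARDIAN and the Guardian security string also denies.
    return Ruling(False, "as specified", "Denied", True)

# Constructed sample attempts: (user, file, ACL ruling, Guardian would grant?)
ATTEMPTS = [
    ("ops.alice", "$DATA.PAY.LEDGER", "denies", True),
    ("ops.bob", "$DATA.PAY.LEDGER", "denies", False),
    ("dev.carol", "$DATA.SRC.MAIN", "grants", False),
    ("dev.dave", "$DATA.TMP.SCRATCH", None, True),
]

def warned(mode, attempts=ATTEMPTS):
    """Attempts whose audit outcome is Warning: the ACL denies them, but
    warning mode evaluation allows the access."""
    return [(user, name) for user, name, acl, g in attempts
            if evaluate(mode, acl, g).outcome == "Warning"]

if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, "->", warned(mode))
```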