Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

131

132

133

134

135

136

137

138

139

140

Configuration

Safeguard Administrator’s Manual—523317-029

9-19

Configuring Disk-File Control

CHECK-SUBVOLUME

Access control lists are checked at the subvolume level. The initial value is OFF.

The Safeguard software checks for CREATE authority at the subvolume level even

when CHECK-SUBVOLUME is OFF.

CHECK-FILENAME

Access control lists are checked at the disk-file level. The initial value is ON.

DIRECTION-DISKFILE

Determines which direction to search for access control lists if more than one of

the preceding attributes is ON. The value can be either VOLUME-FIRST or

FILENAME-FIRST. This attribute is used in conjunction with

COMBINATION-DISKFILE. (For more information, see the following note.) The

initial value is VOLUME-FIRST.

COMBINATION-DISKFILE

Determines how conflicts are resolved among volume, subvolume, and disk file

access control lists. This attribute is used in conjunction with

DIRECTION-DISKFILE (for more information, see the following note). The value

can be FIRST-ACL, FIRST-RULE, or ALL. The initial value is ALL.

ACL-REQUIRED-DISKFILE

If no access control list is found, access is denied. If this attribute is OFF, and no

Safeguard protection record is found, the Guardian security settings are used. The

initial value is OFF.

CLEARONPURGE-DISKFILE

Sets disk files to all zeros when purged. If set to OFF, the disk space is deallocated

when purged, but the data is not set to zeros. The initial value is OFF.

Note. COMBINATION-DISKFILE resolves conflicts among volume, subvolume, and disk-file

access control lists. The Safeguard software searches for an access control list in the order

determined by DIRECTION-DISKFILE. If you want to use the first access control list it finds,

specify FIRST-ACL. If you want the search to continue until it finds an access control list that

involves the user ID (either ACCESS or DENY), specify FIRST-RULE. If you want to allow

access only if specified on all access control lists, specify ALL.

Caution. If you set ACL-REQUIRED-DISKFILE ON, you must have an access control list for

the SAFECOM program file that grants execute authority to you. Otherwise, when you

complete your current session, you cannot control Safeguard through the SAFECOM

command interpreter because you cannot run SAFECOM.

Note. When set to ON, the value of this attribute remains effective even after the Safeguard

subsystem is stopped. If you want this feature to be effective only when Safeguard is up, you

must set the value to OFF before stopping Safeguard.