Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
Installation and Management
Safeguard Administrator’s Manual—523317-029
10-5
Installing the Safeguard Software
Installing the Safeguard Software
The method you use to install the Safeguard software is based on the software RVU
you are running and manner in which you want the Safeguard software to be started
and stopped.
•
If you want the Safeguard software to run continuously from the time the system is
loaded until the time it is stopped:
•
For G-series RVUs, you must use the SCF ADD command to add the
Safeguard software to the Kernel subsystem and system configuration
database as a persistent process.
•
For D-series RVUs, you must configure the Safeguard software in your
CONFTEXT file and run SYSGEN to include it in the OSIMAGE file.
•
If you want to start the Safeguard software sometime after the system is loaded
and then stop it without stopping the system, use DSM/SCM to install the software
according to standard installation procedures. For more information about
DSM/SCM usage, see the DSM/SCM User’s Guide. For more information about
Safeguard installation instructions, see your Safeguard softdoc.
Adding the Safeguard Software to the Kernel Subsystem (G-
Series RVUs)
To add the Safeguard software to the Kernel subsystem as a persistent process, you
must execute an SCF ADD PROCESS command. This command shows
recommended settings for the command attributes:
-> ADD PROCESS $ZZKRN.#ZSMP, &
AUTORESTART 10, &
Note. Regardless of the method used to install the Safeguard software, you can make the
super ID undeniable on the local system by adding the following line to the ALLPROCESSORS
PARAGRAPH of the CONFTEXT file:
SUPER_SUPER_IS_UNDENIABLE;
If you add this line, the Safeguard software ignores explicit denials of access authorities for the
super ID. The SUPER_SUPER_IS_UNDENIABLE parameter takes effect when the system is
loaded with the OSIMAGE file that was produced from the CONFTEXT file containing this
parameter. (This specification does not apply to remote nodes.)
Guardian file security settings, Safeguard ACLs, and SEEP Authorization rules are ignored if
the PAID of the user is 255,255. Security checks within SAFECOM are ignored for users with a
PAID of 255,255.
If SUPER.SUPER is declared undeniable. That is if a Safeguard ACL denies access to
SUPER.SUPER, that denial is ignored. This applies to both aliases of SUPER.SUPER, and the
SUPER.SUPER user because all the checks are done by User ID only. The authentication
process is not affected if the SUPER ID is undeniable, because it is applicable for authorization
checks only. The DENIABLE/UNDENIABLE setting has no effect on OSS file access.