Safeguard Reference Manual (G06.24+, H06.03+)

Introduction
Safeguard Reference Manual 520618-013
Thus, if REMOTE is the value of AUDIT-ACCESS-PASS for a disk file, the Safeguard
software audits every attempt to access the file that it authorizes (that is, every
authorized OPEN request for READ, WRITE, EXECUTE, or PURGE access) when the
attempt originates from a remote system or is sent by a remote user.
The remote user described here is not the same as the network user (defined in
Section 2, Common SAFECOM Language Elements). A network user is a user who
has been added to several systems and has matching remote passwords between
those systems. A remote user is simply a process that is not locally authenticated. The
remote user does not necessarily have a matching password definition on the local
system. For more information, see Network Users on page 2-17.
Components of the Safeguard Subsystem
The Safeguard subsystem consists of a number of processes and security database
files. These processes cooperate to manage the contents of the security database, to
authenticate users, and to authorize attempts to access protected objects.
The following components reside on every system where the Safeguard software has
been installed:
• The subject database, which contains a user-authentication record for every user
  authorized to use the system.
• The object database, which contains an object authorization record for every disk
  file, disk volume, disk subvolume, device, process name, and OBJECTTYPE
  protected by the Safeguard facility.
• The Security Manager Process (SMP), which runs under the process name
  $ZSMP and is responsible for managing all changes to the subject and object
  databases. The SMP also verifies that the name and password supplied by the
  user match a user name and associated password stored in the subject database.
• SAFECOM, which is the command interpreter that provides an interactive interface
  to the SMP.
• The Security Monitor (SMON), which authorizes all attempts to access protected
  objects. A separate SMON process runs in every CPU in a protected system. Each
  SMON performs authorization operations for all security-related transactions in that
  CPU. The SMP ensures that all SMONs are operational.
Who Can Use SAFECOM Commands
Only users who have EXECUTE authority for the SAFECOM program object disk file
can run SAFECOM. By creating an access control list for the SAFECOM object file, a
security administrator can restrict EXECUTE authority for the SAFECOM program to a
few users or to a single user.
The Safeguard software also limits who can execute certain SAFECOM commands.
For example, some restrictions are placed on the ADD command, which creates a