Safeguard Reference Manual Abstract This manual describes the syntax of commands needed to secure an HP NonStop™ system using the Safeguard software. The manual is intended for security administrators and general users. Product Version Safeguard G06.06, H05 Supported Release Version Updates (RVUs) This publication supports J06.03 and all subsequent J-series RVUs, H06.08 and all subsequent H-series RVUs, and G06.29 and all subsequent G-series RVUs, until otherwise indicated by its replacement publications.
Document History Part Number Product Version Published 520618-025 Safeguard G06.06, H05 August 2011 520618-026 Safeguard G06.06, H05 February 2012 520618-027 Safeguard G06.06, H05 August 2012 520618-028 Safeguard G06.06, H05 February 2013 520618-029 Safeguard G06.06, H05 August 2013 520618-030 Safeguard G06.
Legal Notices © Copyright 2014 Hewlett-Packard Development Company L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Safeguard Reference Manual Index Figures Tables Legal Notices What is New in this Manual xix Manual Information xix New and Changed Information xix About This Manual xxv Readership of the Manual xxv Organization of This Manual xxv Notation Conventions xxviii 1.
2. Common SAFECOM Language Elements Contents Remote User 1-9 Remotely Authenticated User 1-9 Unauthenticated User 1-9 Local Request 1-9 Remote Request 1-10 Interaction of Local and Remote Users and Requests Components of the Safeguard Subsystem 1-10 Who Can Use SAFECOM Commands 1-11 Abbreviating SAFECOM Commands 1-13 The Super ID 1-13 2.
3.
4. SAFECOM Session-Control Commands Contents Considerations 3-4 Examples 3-4 4.
5. User Security Commands Contents Example 4-20 OBEY Command 4-20 Considerations 4-21 Example 4-21 OUT Command 4-22 Considerations 4-22 Example 4-22 SYNTAX Command 4-23 Consideration 4-23 Example 4-23 SYSTEM Command 4-23 Considerations 4-24 Example 4-24 VOLUME Command 4-25 Consideration 4-25 Example 4-25 ? Command 4-26 Examples 4-27 ! Command 4-27 Examples 4-28 Comment Delimiters 4-28 Example 4-29 Continuation Character 4-29 Example 4-29 5.
6. User Alias Security Commands Contents Considerations 5-25 Examples 5-25 INFO USER Command 5-26 INFO USER Brief Report 5-28 INFO USER Detailed Report 5-29 Examples 5-34 RESET USER Command 5-35 Considerations 5-38 Examples 5-38 SET USER Command 5-40 Considerations 5-52 Examples 5-52 SHOW USER Command 5-54 SHOW USER Report Format 5-54 Examples 5-57 THAW USER Command 5-59 Examples 5-60 6.
7. Group Commands Contents Examples 6-32 RESET ALIAS Command 6-33 Examples 6-37 SET ALIAS Command 6-38 Considerations 6-50 Examples 6-50 SHOW ALIAS Command 6-51 SHOW ALIAS Report Format Examples 6-56 THAW ALIAS Command 6-57 Examples 6-58 6-53 7.
8.
Contents 9.
Contents 10.
Contents 11. Process and Subprocess Security Commands INFO DEVICE and SUBDEVICE Commands 10-20 INFO DEVICE and SUBDEVICE Brief Report 10-21 INFO DEVICE and SUBDEVICE Detailed Report 10-23 Example 10-24 RESET DEVICE and SUBDEVICE Commands 10-24 Consideration 10-25 Example 10-25 SET DEVICE and SUBDEVICE Commands 10-26 Example 10-32 SHOW DEVICE and SUBDEVICE Commands 10-32 SHOW DEVICE and SUBDEVICE Report Format 10-33 Example 10-34 THAW DEVICE and SUBDEVICE Commands 10-34 Example 10-35 11.
12. OBJECTTYPE Security Commands Contents Example 11-26 RESET PROCESS and SUBPROCESS Commands 11-27 Considerations 11-28 Example 11-28 SET PROCESS and SUBPROCESS Commands 11-28 Example 11-35 SHOW PROCESS and SUBPROCESS Commands 11-36 SHOW PROCESS and SUBPROCESS Report Format 11-36 Example 11-38 THAW PROCESS and SUBPROCESS Commands 11-38 Example 11-39 12.
13. Security Group Commands Contents Example 12-30 13.
15. Event-Exit-Process Commands Contents DELETE TERMINAL Command 14-7 Considerations 14-7 Examples 14-8 FREEZE TERMINAL Command 14-8 Consideration 14-8 Examples 14-8 INFO TERMINAL Command 14-8 INFO TERMINAL Report Format 14-9 Examples 14-10 THAW TERMINAL Command 14-10 Considerations 14-11 Examples 14-11 15.
16. Safeguard Subsystem Commands Contents Timeout Policy for Authentication 15-30 Other Error Handling for Authentication 15-30 Auditing of Authentication Events 15-31 Processing of Password-Quality Requests 15-31 Timeout Policy for Password-Quality Requests 15-31 User Database Synchronization 15-32 General Procedure 15-32 Password Synchronization 15-33 Event-Exit Design, Management, and Operation 15-33 16.
Tables Contents Figure 9-2. Figure 9-3. Figure 10-1. Figure 10-2. Figure 10-3. Figure 11-1. Figure 11-2. Figure 11-3. Figure 12-1. Figure 12-2. Figure 12-3. Figure 13-1. Figure 13-2. Figure 13-3. Figure 14-1. Figure 15-1. Figure 15-2.
Contents Table 15-5. Table 15-6. Table 15-7. Table 15-8. Table 15-9. Table 15-10. Table 15-11. Table 16-1. Table 16-2. Table B-1. Table B-2. Table B-3. Table B-4.
Contents Safeguard Reference Manual — 520618-030 xviii
What is New in this Manual Manual Information Safeguard Reference Manual Abstract This manual describes the syntax of commands needed to secure an HP NonStop™ system using the Safeguard software. The manual is intended for security administrators and general users. Product Version Safeguard G07, H05 Supported Release Version Updates (RVUs) This publication supports J06.03 and all subsequent J-series RVUs, H06.08 and all subsequent H-series RVUs, and G06.
Changes to the 520618-029 manual What is New in this Manual Changes to the 520618-029 manual • • Updated the following sections: ° ° • • • • • • • • Security Group Commands on page 13-1. Updated the following commands: • • Security Groups on page 1-7. ADD SECURITY-GROUP Command: ° ° Attribute sec-group-spec on page 13-5. Example on page 13-9. ALTER SECURITY-GROUP Command: ° ° Attribute sec-group-spec on page 13-11. Example on page 13-15.
Changes to the 520618-028 manual What is New in this Manual • • Added the attribute PROMPT-BEFORE-STOP {ON | OFF} on page 16-29. Added error messages on the following pages: ° ° Page A-7. Page A-37. Changes to the 520618-028 manual • • • • • • • • • • • • • • • • • • Updated the section Security Groups on page 1-7. Updated the STATIC FAILED LOGON COUNT = count on page 5-32.
Changes to the 520618-027 manual What is New in this Manual • • • Updated the section Event-Exit Design, Management, and Operation on page 15-33. Added error messages on the following pages: ° ° Page A-6 . Page A-7. Added warning messages on the following pages: ° ° Page A-36. Page A-37. Changes to the 520618-027 manual • • • • • • Added note for the year on page 5-15. Updated the maximum value for STATIC FAILED LOGON COUNT = count on page 5-32.
Changes to the 520618-025 manual What is New in this Manual • Added new error messages on pages A-5 and A-6, and a warning message on page A-36. Changes to the 520618-025 manual • • • • • • • • • Added a Note on page 5-2 to the User Security Commands section. Added a Note on page 6-2 to the User Alias Security Commands section. Updated the attribute CLEARONPURGE-DISKFILE { ON | OFF } on page 16-14. Added a Note on page 13-1 to the Security User Group section.
Changes to the H06.21/J06.10 Manual What is New in this Manual • • • • • • ° ° INITIAL-PROGRAM [prog-path] on page 5-18. INITIAL-PROGTYPE [prog-type] on page 5-18. Added information on the SECURITY-PRV-ADMINISTRATOR security group in Security Group Commands. Corrected the order of the Subject data fields in Table 15-3, Subject_Data, on page 15-17.
Changes to the H06.20/J06.09 Manual What is New in this Manual • • • • • • ° ° ° ° ° ° ° DELETE SAVED-DISKFILE-PATTERN Command on page 8-89. FREEZE SAVED-DISKFILE-PATTERN Command on page 8-90. INFO SAVED-DISKFILE-PATTERN Command on page 8-91. RESET SAVED-DISKFILE-PATTERN Command on page 8-94. SET SAVED-DISKFILE-PATTERN Command on page 8-95. SHOW SAVED-DISKFILE-PATTERN Command on page 8-99. THAW SAVED-DISKFILE-PATTERN Command on page 8-100.
Changes to the H06.19/J06.08 Manual What is New in this Manual • • • • • ° OBJECT-TEXT-DESCRIPTION field and RESET-OBJECT-DESCRIPTION attribute on pages 8-27, 8-27, 9-10, 9-16, 9-31, 10-9, 10-15, 10-29, 11-11, 11-17, 11-18, 11-32, 12-9, 12-15, 12-27, 13-8, and 13-14. ° ° AUDIT-OSS-FILTER attribute on pages 16-6 and 16-24. AUDIT-TACL-LOGOFF on pages 16-6 and 16-24. Updated the INFO USER command display on page 5-54. Updated the ADD GROUP Command section on page 7-4.
Changes to the H06.19/J06.08 Manual What is New in this Manual • • • • • • • • • • • • Added a note on including wild-card pattern in the ADD GROUP command on page 7-5. Added examples to depict how wild cards can be used to specify group member names in the ADD GROUP command on page 7-7. Added a note on including wild-card pattern in the ALTER GROUP command on page 7-10. Added the following attributes and their descriptions to the INFO GROUP detailed report: ° ° ° ° CREATION-TIME on page 7-17.
What is New in this Manual • • • • Changes to the H06.19/J06.08 Manual Updated the description of WARNING-FALLBACK-SECURITY { GUARDIAN | GRANT } on page 16-26. Added new error messages on pages A-17, A-18, A-29, and A-32. Added Table B-3, CHECK-DISKFILE-PATTERN settings when value is MID and Direction Diskfile is Filename-First on page B-5. Added Table B-4, CHECK-DISKFILE-PATTERN settings when value is MID and Direction Diskfile is Volume-First on page B-5.
About This Manual This reference manual presents the detailed syntax for the commands of SAFECOM, the command interpreter for the Safeguard subsystem. You use SAFECOM to establish Safeguard protection for users and system objects. Readership of the Manual This manual is intended for security administrators or other users who want to secure objects on their system or control user access to the system.
Organization of This Manual About This Manual Section Description (page 2 of 3) Section 5, User Security Commands Sections 5 through 11 contain syntax descriptions of the commands that manage protection for the following system elements: Section 6, User Alias Security Commands • Section 7, Group Commands Section 8, Disk-File Security Commands • Section 9, Disk Volume and Subvolume Security Commands • Section 10, Device and Subdevice Security Commands • Section 11, Process and Subprocess Securi
Related Manuals About This Manual Section Description (page 3 of 3) Section 16, Safeguard Subsystem Commands Describes the Safeguard subsystem management commands, which are used to obtain information about the Safeguard subsystem, alter the Safeguard configuration, and stop the Safeguard software. Section 17, Running Other Programs From SAFECOM Describes the SAFECOM RUN command. Appendix A, SAFECOM Error and Warning Messages Explains SAFECOM error messages and define disk file access rules.
Notation Conventions About This Manual Notation Conventions Hypertext Links Blue underline is used to indicate a hypertext link within text. By clicking a passage of text with a blue underline, you are taken to the location described. For example: This requirement is described under Backup DAM Volumes and Physical Disk Drives on page 3-2. General Syntax Notation The following list summarizes the notation conventions for syntax presentation in this manual. UPPERCASE LETTERS.
General Syntax Notation About This Manual each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example: FC [ num ] [ -num ] [ text ] K [ X | D ] address { } Braces. A group of items enclosed in braces is a list from which you are required to choose one item. The items in the list may be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines.
Notation for Messages About This Manual Line Spacing. If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example: ALTER [ / OUT file-spec / ] LINE [ , attribute-spec ]… !i and !o.
Notation for Messages About This Manual Nonitalic text. Nonitalic letters, numbers, and punctuation indicate text that is displayed or returned exactly as shown. For example: Backup Up. lowercase italic letters. Lowercase italic letters indicate variable items whose values are displayed or returned. For example: p-register process-name [ ] Brackets. Brackets enclose items that are sometimes, but not always, displayed.
Notation for Management Programming Interfaces About This Manual Notation for Management Programming Interfaces The following list summarizes the notation conventions used in the boxed descriptions of programmatic commands, event messages, and error lists in this manual. UPPERCASE LETTERS. Uppercase letters indicate names from definition files; enter these names exactly as shown. For example: ZCOM-TKN-SUBJ-SERV lowercase letters.
1 Introduction This section introduces the Safeguard software and presents important basic concepts: • • • • Safeguard security-management features ° ° ° ° ° ° ° User Authentication Object-access authorization Auditing Control of logon dialog Security groups File-sharing groups Event-exit processes Definition of the terms authentication, remote, and local Who can use the SAFECOM commands and how this authority is granted Definition of the super ID’s capabilities and limitations For more information
User Authentication Introduction • Group managers can create Safeguard authentication records (ADD USER and ADD ALIAS) unless an alternative list of users has been specified with the access control list for OBJECTTYPE USER. A user-authentication record contains these attributes: • ° ° OWNER ° ° ° ° ° ° ° ° ° ° ° ° ° ° ° ° ° PASSWORD ° CREATION-TIME of the user (supported only on systems running J06.04 and later J-series RVUs, H06.15 and later H-series RVUs, and G06.32 and later Gseries RVUs.
Object-Access Authorization Introduction • • • The primary and secondary owners of a record can freeze and thaw the ability of a user or alias to log on (FREEZE USER or ALIAS and THAW USER or ALIAS). The primary and secondary owners of a record can delete the record (DELETE USER or DELETE ALIAS). The primary and secondary owners of a record can display record information using the INFO USER command.
Object-Access Authorization Introduction • • • The owner of a file authorization record can freeze and thaw access to the file (FREEZE DISKFILE and THAW DISKFILE). The owner of a file record can delete the record (DELETE DISKFILE). Diskfile patterns reduce administrative burden by supplying one pattern that can match many volumes, subvolumes, or filenames. For more information, see the Safeguard User’s Guide.
Object-Access Authorization Introduction Control Features for Devices • Any local super-group user can create a Safeguard device authorization record (ADD DEVICE) unless a specific list of users has been designated with an access control list for OBJECTTYPE DEVICE.
Object-Access Authorization Introduction • • • ° ° OWNER—ownership can be transferred to any user ° Auditing specifications ACCESS—an access control list to authorize access: Read, Write, Purge (stop), Create, Owner (RWPCO) The owner of a process name authorization record can modify the record (ALTER PROCESS). The owner of a process-name record can freeze and thaw access to the process name (FREEZE PROCESS and THAW PROCESS). The owner of a process-name record can delete the record (DELETE PROCESS).
File-Sharing Groups Introduction ° Auditing specifications Note. Starting with H06.24/J06.13 RVUs, the OBJECTTYPE USER is granted additional access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions. Members having the WRITE (W) permission on OBJECTTYPE USER can modify any subject records. Members having the PURGE (P) permission on OBJECTTYPE USER can purge any subject records. Note. Starting with H06.26/J06.
Event-Exit Process Introduction terminal, you can specify that a particular command interpreter be started automatically after user authentication at the terminal. Prior to D30, an extended logon dialog was available only at Safeguard terminals. Effective with D30, the HP Tandem Advanced Command Language (TACL) command interpreter also provides these extended features as long as Safeguard is running.
Definition of Terms: Authentication, Local, and Remote Introduction User Auditing For users, the following auditing specifications are available: AUDIT-AUTHENTICATE-PASS AUDIT-AUTHENTICATE-FAIL AUDIT-MANAGE-PASS AUDIT-MANAGE-FAIL AUDIT-USER-ACTION-PASS AUDIT-USER-ACTION-FAIL For users, the two AUDIT-AUTHENTICATE attributes control the auditing of user authentication attempts.
Interaction of Local and Remote Users and Requests Introduction Remote User A term used in this manual to refer to either a remotely authenticated user or an unauthenticated user. Remotely Authenticated User A valid network user who has been authenticated by a node other than the local node. Unauthenticated User A process that lacks a valid user ID; for example, a user who has failed remote validation in an attempt to access objects on the local node.
Who Can Use SAFECOM Commands Introduction The following components reside on every system where the Safeguard software has been installed: • • • • • • The subject database, which contains a user-authentication record for every user authorized to use the system. The object database, which contains an object authorization record for every disk file, disk volume, disk subvolume, device, process name, and OBJECTTYPE protected by the Safeguard facility.
Introduction Who Can Use SAFECOM Commands Safeguard record for an object or user. In general, the SAFECOM commands that manage an existing Safeguard record are restricted to the user who owns the record and to that user’s group manager. However, the record can also be managed by any user who has been granted OWNER authority on the object’s access control list. This includes both the primary owner and any secondary owners.
Who Can Use SAFECOM Commands Introduction Table 1-1.
Abbreviating SAFECOM Commands Introduction Note. The Command Prefix, INFO GROUP, is supported only on systems running H06.09 and later H-series RVUs. Abbreviating SAFECOM Commands You can abbreviate any SAFECOM reserved words, including commands, attributes, and keywords. In most instances, you can abbreviate a reserved word to its first three characters although you can use more than three characters for clarity. However, you cannot use fewer than three characters.
The Super ID Introduction • • Revoke the license of a licensed object file (FUP REVOKE command). Add the first member of a new group or add a group manager (ADDUSER program or SAFECOM ADD USER command) unless specified by the OBJECTTYPE USER. You can restrict the authority of the super ID in several ways. For example, you can use the FREEZE USER command to freeze the super ID except for emergency situations. Then use the THAW USER command to thaw the super ID as required.
The Super ID Introduction Safeguard Reference Manual — 520618-030 1 -16
2 Common SAFECOM Language Elements Many syntax elements in the SAFECOM command language are common to several SAFECOM commands. This simplifies learning and using the language. For example, the language elements that identify users are used in the user security commands and as components of object access lists.
Common SAFECOM Language Elements Wild-Card Characters attributes of all disk files whose names are five characters long and whose first four characters are ACCT.
Common SAFECOM Language Elements • Object Names You must begin a device name with $ and a subdevice name with # even when you use wild cards. For example: =DELETE DEVICE $* =INFO TERM $c0.#* • Do not mix wild cards with characters in user names when you specify an access control list. For example, the name PROG*.DON is invalid in specifying an access control list entry. Wild cards can only be used in only two instances when you specify user names for an access control list.
Common SAFECOM Language Elements Specifying Disk-File Names file names. An example is \MYSYS.$SYSTEM.SYSTEM.SAFECOM. A partially qualified file name omits one or more parts of the name. SAFECOM uses the current default system, volume, and subvolume names to expand the name to a fully qualified name, possibly altered by SAFECOM SYSTEM and VOLUME commands. Specifying Disk-File Names You can identify a disk file with either a fully or a partially qualified disk file name.
Common SAFECOM Language Elements Partially Qualified Disk-File Names Examples =INFO DISKFILE \tops.$data.stats.rpt1 =INFO DISKFILE \sfo.$users1.nelson.rpt* =ALTER DISKFILE \sys*.$ops?.*.quarter2, OWNER 86,2 =ADD DISKFILE \pts.$*.stats.*, OWNER admin.bob =INFO /OUT safelist/ DISKFILE \*.$*.*.* Partially Qualified Disk-File Names In a partially qualified disk-file name, one or more of the system, volume, and subvolume names is omitted.
Common SAFECOM Language Elements File-Name Lists In this example, SAFECOM uses only the default system and subvolume names to create this partially qualified disk-file name: =SYSTEM \london =VOLUME $data.sales =INFO DISKFILE $books.report1 A fully qualified disk-file name follows: \LONDON.$BOOKS.SALES.REPORT1 Examples =FREEZE DISKFILE report4 =INFO DISKFILE $data.stats.report4 =INFO DISKFILE stats.report4 =THAW DISKFILE \stl.$data.report4 =ADD DISKFILE $dat*.*.*, LIKE $data.master.
Common SAFECOM Language Elements Patterns Patterns Diskfile patterns reduce administrative burden by supplying one pattern that can match many subvolumes or filenames. For more information, see the Safeguard User’s Guide. Specifying Disk Volume Names You can identify a disk volume with either a fully or a partially qualified volume name. To specify more than one volume in a command, you can use wild cards in a volume name, or you can use a volume name list.
Common SAFECOM Language Elements Volume Name Lists Examples =FREEZE VOLUME $data =ADD VOLUME $mail*, LIKE $data =INFO VOLUME $* =THAW VOLUME $?com Volume Name Lists A volume name list is a list of fully qualified or partially qualified volume names. A volume name list specifies a group of disk volumes on which the same operation is to be performed. ( volume [ , volume ] ... ) volume is either a fully or a partially qualified volume name. Examples =ALTER VOLUME ($mail, $sail, $trail), OWNER ops.
Common SAFECOM Language Elements Partially Qualified Subvolume Names Examples =DELETE SUBVOLUME \tops.$data.jones =ADD SUBVOLUME \tops.$dat*.* =ADD SUBVOLUME \tops.$*.valdez =INFO SUBVOLUME \*.$data.* Partially Qualified Subvolume Names A partially qualified subvolume name is a subvolume name with the system name or the volume name (or both) omitted. [\system.][$volume.]subvolume \system is a system name. If omitted, the current default system name is used. $volume is a disk volume name.
Common SAFECOM Language Elements Specifying Device Names =THAW SUBVOLUME (\sfo.$users.data, $*.*) =INFO SUBVOLUME (\*.$users.*, jones) Specifying Device Names You can identify a device with either a fully or a partially qualified device name. To specify more than one device in a command, you can use wild cards in a device name, or you can use a device name list. However, you cannot use wild cards to specify a device name in an ADD command.
Common SAFECOM Language Elements Device Name Lists Examples =ADD DEVICE $lp2 LIKE $lp1 =INFO DEVICE $lp* =FREEZE DEVICE $lazer* Device Name Lists A device name list is a list of fully qualified or partially qualified device names. A device name list specifies a group of devices on which the same operation is to be performed. ( device-name [ , device-name ] ... ) device-name is either a fully or a partially qualified device name.
Common SAFECOM Language Elements Partially Qualified Subdevice Names Examples =ADD SUBDEVICE \apex.$tc02.#p04 =INFO SUBDEVICE \apex.$tc12*.#t04 =FREEZE SUBDEVICE \tops.$cl4.#lazer* Partially Qualified Subdevice Names For subdevices that can be accessed over a network, a partially qualified subdevice name is a device name followed by a subdevice name. SAFECOM expands the partially qualified name by adding the current default system name. $device.#subdevice $device.#subdevice is expanded to: \system-name.
Common SAFECOM Language Elements Specifying Process Names Specifying Process Names You can identify a named process with either a fully or a partially qualified process name. To specify more than one named process in a command, you can use wild cards in a process name, or you can use a process name list. However, you cannot use wild cards to specify a process name in an ADD command. Fully Qualified Process Names A fully qualified process name includes both the system name and process name. [\system-name.
Common SAFECOM Language Elements Process Name Lists Examples =ADD PROCESS $spell LIKE $cedit =INFO PROCESS $loc* =THAW PROCESS $limit Process Name Lists A process name list is a list of fully qualified or partially qualified process names. A process name list specifies a group of processes on which the same operation is to be performed. ( process-name [ , process-name ] ... ) process-name is either a fully or a partially qualified process name.
Common SAFECOM Language Elements Partially Qualified Subprocess Names Examples =ADD SUBPROCESS \argon.$pc12.#tl06 =INFO SUBPROCESS \ajax.$rpt*.#prt =FREEZE SUBPROCESS \fred.$ted*.#clup Partially Qualified Subprocess Names Subprocess names can be partially qualified. As with device names, the only part of a subprocess name you can omit is the system name. When you enter a subprocess name without a system name, SAFECOM expands the partially qualified name by adding the current default system name.
Identifying System Users Common SAFECOM Language Elements Identifying System Users The system user community supported by the operating system is organized into 256 groups, each of which can include 256 individual users for purposes of administration. (Groups can include more than 256 users for file-sharing purposes.) Each system user added to a NonStop system is assigned a user ID and a user name.
Common SAFECOM Language Elements User Names User Names A user name consists of a group name and a member name, separated by a period. group-name.member-name group-name is the name of an administrative group. It is one to eight alphanumeric characters long, the first of which must be alphabetic. In most SAFECOM commands, an administrative group name is case-insensitive. The alphabetic characters are assumed to be uppercase.
Common SAFECOM Language Elements User Sets The network form of a user name and user ID can have the following form: NETWORK FORM OF USER ID: \node-spec.group-num , member-num NETWORK FORM OF USER NAME: \node-spec.group-name.member-name Note. You may only use node-spec in the ACCESS clause of SAFECOM. For example, suppose a network user has a user ID of 3,3, a user name of SALES.BOB, and is on the NYC node. This network user can be identified on an access list with either of these forms: \NYC.3,3 \NYC.
Common SAFECOM Language Elements User-Set Lists In access control list entries, these forms specify all the local users who are members of the group identified by group-name or group-num. This includes users who have been specified as members of the group with the MEMBER clause in an ADD or ALTER GROUP command. *.* and *,* each specifies all the local users defined for your system. \node-spec.group-name.* \node-spec.
Common SAFECOM Language Elements Identifying User Groups alias is a case-sensitive text string of up to 32 alphanumeric and special characters. The first character of an alias name must be alphabetic. The following special characters are allowed in an alias name: period (.), hyphen (-), and underscore (_). Identifying User Groups User groups are created implicitly with the ADD USER command and explicitly with the ADD GROUP command.
3 The Command to Run SAFECOM This section contains the syntax description of the command to run SAFECOM, followed by examples that show each of the three modes of program operation. For more examples of running SAFECOM, see the Safeguard User’s Guide. For instructions on starting the Safeguard software, see the Safeguard Administrator’s Manual. Modes of Program Operation To run the SAFECOM program, you must have the necessary EXECUTE authority for the SAFECOM program object file ($SYSTEM.SYSnn.SAFECOM).
The Command to Run SAFECOM Command Syntax sign (=). You can enter a SAFECOM command at the prompt. To exit SAFECOM, enter the EXIT command. (For more information, see Section 4, SAFECOM Session-Control Commands.) run-opt is any run option for the RUN command of the command interpreter. (For a complete list of run options, see the description of the RUN[D] command in the TACL Reference Manual.
The Command to Run SAFECOM Command Syntax that manage or monitor processes (such as the command-interpreter STATUS command). If you include NAME but omit $process-name, the system assigns a name to your SAFECOM process. If you omit the NAME option, your SAFECOM process runs as an unnamed process. It can be identified only by the system-assigned process number. NOWAIT instructs your command interpreter to return to your terminal for more commands after starting a SAFECOM process.
The Command to Run SAFECOM Command Syntax For example, SAFECOM/OUT / =info badcommand =exit ABENDED: 0,29 SAFECOM /OUT /info badcommand ABENDED: 0,28 Note. The ABEND on exit feature is supported only on systems running H06.28 and later Hseries RVUs and J06.17 and later J-series RVUs. PRI priority assigns an execution priority for the SAFECOM process. For priority, specify an integer in the range 1 through 199.
Considerations The Command to Run SAFECOM Considerations • Running SAFECOM without a local SMP You can run SAFECOM even if the Safeguard security-manager process ($ZSMP) is not currently running on your system.
The Command to Run SAFECOM Safeguard Reference Manual — 520618-030 3-6 Examples
4 SAFECOM Session-Control Commands The SAFECOM session-control commands establish a working environment for your SAFECOM session. For example, the SYSTEM and VOLUME commands establish the default system, volume, and subvolume names that SAFECOM uses to expand partially qualified disk file names. Similarly, the ASSUME command establishes a default object class (such as DISKFILE or USER) so that you can enter objectmanagement commands without specifying the default object class in each command.
SAFECOM Session-Control Commands Session-Control Command Syntax Session-Control Command Syntax Table 4-1. Session-Control Command Summary (page 1 of 2) Command Function ASSUME Establishes a default object class for subsequent object-management commands during the current session. DISPLAY COMMANDS Displays the output of an INFO or SHOW command as SAFECOM commands. DISPLAY DETAIL Controls the DETAIL option of the INFO command for an entire session.
SAFECOM Session-Control Commands ASSUME Command Table 4-1. Session-Control Command Summary (page 2 of 2) Command Function ! Displays and executes a specified command that you previously entered during the current session. -- (two hyphens) Delimits comments in SAFECOM commands. & (ampersand) Indicates that the command is continued on the next line. The rest of this section contains individual syntax descriptions.
SAFECOM Session-Control Commands DISPLAY Command SUBPROCESS SUBVOLUME TERMINAL USER VOLUME Note. The ASSUME command is not valid for OBJECTTYPE, GROUP, or SECURITYGROUP. Example In this example, ASSUME establishes DISKFILE as the default object class: =ASSUME DISKFILE =SET ACCESS (sales.*, admin.*) r =ADD $data.q3.report SAFECOM then executes the SET and ADD commands as though you had entered: =SET DISKFILE ACCESS (sales.*, admin.*) r =ADD DISKFILE $data.q3.
DISPLAY Command SAFECOM Session-Control Commands DISPLAY AS COMMANDS Option DISPLAY AS COMMANDS controls whether the output of an INFO or SHOW command is displayed as a report or as a list of SAFECOM commands. Normally, INFO and SHOW commands produce reports. To display the output of INFO and SHOW as commands, use the DISPLAY AS COMMANDS option.
DISPLAY Command SAFECOM Session-Control Commands By default, the INFO command output is displayed in report form. To view this output as SAFECOM commands rather than as a report: =DISPLAY AS COMMANDS ON =INFO DISKFILE rpt01, DETAIL The following information appears: ADD ALTER ALTER DISKFILE DISKFILE ACCESS DISKFILE ACCESS $DATA.SALES $DATA.SALES 002,005 $DATA.SALES 002,* .RPT01 .RPT01 (R,W,E,P, 0) .
SAFECOM Session-Control Commands DISPLAY Command DISPLAY HEADERS Option DISPLAY HEADERS controls the display of heading lines in INFO command reports for a session. SAFECOM normally displays a heading line above each object reported on by an INFO command. DISPLAY HEADERS allows you to either suppress the display of the heading line or specify that it should appear only once in an INFO report.
DISPLAY Command SAFECOM Session-Control Commands The following information appears: $DATA.SALES REPORT1 LAST-MODIFIED OWNER STATUS 18JUL88, 11:00 2,1 THAWED LAST-MODIFIED OWNER STATUS 18JUL88, 11:02 2,1 THAWED LAST-MODIFIED OWNER STATUS 18JUL88, 11:05 2,1 THAWED WARNING-MODE OFF NO ACCESS CONTROL LIST DEFINED! $DATA.SALES REPORT2 WARNING-MODE OFF NO ACCESS CONTROL LIST DEFINED! $DATA.
SAFECOM Session-Control Commands DISPLAY Command DISPLAY PROMPT entered by itself without any prompt-item, causes the default SAFECOM prompt (=) to be displayed. prompt-item specifies the text to be added to the standard SAFECOM prompt. If you include multiple prompt items in a DISPLAY PROMPT command, they must be separated by commas and enclosed in parentheses.
SAFECOM Session-Control Commands DISPLAY Command DATE specifies that the current date is displayed in the SAFECOM prompt. The date is displayed in the form mm/dd/yyyy. END specifies that the equal sign (=) is not displayed to terminate the SAFECOM prompt and that any prompt-item following the word END is ignored. PROCESS NAME specifies that the current process name is displayed in the SAFECOM prompt. PROCESS NUMBER specifies that the current process number is displayed in the SAFECOM prompt.
SAFECOM Session-Control Commands DISPLAY Command Considerations • If used, END should be the last prompt item specified. Any prompt items following END are ignored. Examples 1. This command adds the current command line number to the SAFECOM prompt: =DISPLAY PROMPT COMMAND NUMBER 2= 2. This command adds the user name for the user ADMIN.BILL to the SAFECOM prompt: =DISPLAY PROMPT USER NAME ADMIN.BILL= 3. This command changes the SAFECOM prompt for the user ADMIN.
SAFECOM Session-Control Commands DISPLAY Command Examples In this example, DISPLAY USER specifies that user identities are displayed as user names rather than user IDs: =DISPLAY USER NAME DISPLAY WARNINGS Option DISPLAY WARNINGS controls the display of warning messages on INFO DISKFILE reports for the current session. SAFECOM normally displays a warning message if you issue an INFO DISKFILE command for a file that has not been added to the Safeguard database.
ENV Command SAFECOM Session-Control Commands The following information appears: $DATA.SALES REPORT1 LAST-MODIFIED OWNER STATUS 18JUL88, 11:00 2,1 THAWED WARNING-MODE OFF NO ACCESS CONTROL LIST DEFINED! * WARNING * RECORD FOR DISKFILE $DATA.SALES.REPORT2 NOT FOUND * WARNING * RECORD FOR DISKFILE $DATA.SALES.REPORT3 NOT FOUND Use the following command to turn off the warning messages: =DISPLAY WARNINGS OFF Then issue the same INFO command: =INFO DISKFILE $data.sales.
SAFECOM Session-Control Commands EXIT Command env-parm is any one of these environmental parameters: SYSTEM VOLUME OUT LOG ASSUME WARNINGS USER DETAIL AS COMMANDS HEADERS PROMPT Examples 1. This ENV command requests a report on all the current environmental parameter values. The report is sent to a file called $DATA.SECURE.ENVPARMS. =ENV / OUT envparms / = After this ENV command completes, $DATA.SECURE.
SAFECOM Session-Control Commands FC Command Consideration • You can also press Ctrl-Y to exit SAFECOM. Ctrl-Y is equivalent to end-of-file (EOF). (Ctrl-Y means to hold down the Ctrl key while pressing the Y key.) FC Command The FC command lets you retrieve, edit, and execute a command line you have previously entered during the current session. FC is useful for correcting mistyped commands and for entering a series of commands that differ by only a few characters.
SAFECOM Session-Control Commands FC Command FC Editing Subcommands When you execute the FC command, it displays the specified command and positions the cursor on the next line. This blank line is the command editing line in which you can use the FC editing subcommands. The editing subcommands modify the characters displayed above them in the command line. When you move the cursor in the command editing line, use only the spacebar and the backspace key.
HELP Command SAFECOM Session-Control Commands Considerations • • To abort the FC command, enter only the subcommand separator (//) on the new blank line and then immediately press RETURN. The (possibly altered) command line is discarded without execution. You can also press Ctrl-Y to stop the FC command. If you enter FC alone, the last command you entered is displayed. Examples 1.
SAFECOM Session-Control Commands HISTORY Command If listfile does not exist, SAFECOM creates an EDIT-format file and then writes the HELP report to that file. If listfile does exist, SAFECOM opens the file and appends the HELP report. topic is the topic for which SAFECOM displays information. For a brief list of topics, enter HELP without any parameters. ALL displays help text for all commands (typically used with the OUT listfile option).
SAFECOM Session-Control Commands LOG Command Examples 1. The following command displays the last four commands entered during the current session. The example assumes that the HISTORY command is the ninth command entered during the session. =HISTORY 4 6=ASSUME DISKFILE 7=SHOW 8=ADD RPT05, ACCESS 14,* R 9=HISTORY 4 = 2. The following sequence of commands shows the function of the HISTORY RESET LAST command.
SAFECOM Session-Control Commands OBEY Command logfile establishes a log file for SAFECOM. You can specify any file name. If logfile does not exist, SAFECOM creates an EDIT-format file and writes the session log records to that file. If logfile exists, SAFECOM opens the file and appends the log records. Considerations • Changing log files in the middle of a session You can change the log file in the middle of a session by entering a LOG command that specifies a different file as logfile.
SAFECOM Session-Control Commands OBEY Command OUT listfile redirects SAFECOM output to listfile for all the commands in command-file. For listfile, specify any file name. If listfile does not exist, SAFECOM creates an EDIT-format file and then writes all output text to that file. If listfile exists, SAFECOM opens the file and appends the output text. command-file is the name of a file containing SAFECOM commands (usually an EDIT-format file). The name can be any file name.
OUT Command SAFECOM Session-Control Commands Example This example shows the use of a command file named $DATA.SECURE.INFOADMN. This command file prints an INFO report about all the users in the ADMIN group: =OBEY $data.secure.infoadmn =OUT $s.#lp =INFO USERS admin.* , DETAIL =OUT = -- redirect output to $S.#LP -- report on all admin users -- redirect output to terminal OUT Command OUT directs SAFECOM output text to a specified file.
SAFECOM Session-Control Commands SYNTAX Command Example This example shows the use of the OUT command to produce a listing of all the SAFECOM help screens: =OUT $s.#lp1 =HELP ALL =OUT The last OUT command redirects SAFECOM output text to the original output file; in this case, the home terminal. SYNTAX Command SYNTAX enables and disables syntax-only mode. In syntax-only mode, SAFECOM only checks the syntax of commands. It does not execute the commands.
SYSTEM Command SAFECOM Session-Control Commands SYSTEM Command SYSTEM establishes a default system name. SAFECOM uses the default system name to expand partially qualified file names that do not include a system name. When you first run SAFECOM, the name of your local system is used as the initial default system name. SYSTEM [ \system-name ] SYSTEM entered without \system-name, sets the default system name to the name of the system you are currently using.
VOLUME Command SAFECOM Session-Control Commands =INFO $data.sales.report1 \LA.$DATA.SALES REPORT1 001,002 \*.001,* -- Displays a report on \LA.$DATA.SALES.REPORT1 LAST-MODIFIED OWNER STATUS 14OCT85, 11:46 1,2 THAWED WARNING-MODE OFF R,W,E,P R =SYSTEM =ENV SYSTEM SYSTEM \NY -- Reestablishes \NY as the default system name VOLUME Command VOLUME establishes a default disk volume name and a default subvolume name.
? Command SAFECOM Session-Control Commands Consideration To display your current default volume and subvolume names, use the ENV VOLUME command. For example: =ENV VOLUME VOLUME $DATA.SALES = Example This example uses the VOLUME command to establish default volume and subvolume names within a sequence of commands: =OUT $s.#lp -- Directs output to $S.#LP =ASSUME DISKFILE -- Establishes DISKFILE as the default object class =VOLUME $data.
SAFECOM Session-Control Commands ! Command -linenum is a negative integer that specifies the number of the command line to be retrieved relative to the current line number. string is a text string. The ? command finds and displays the most recent command in the history buffer that begins with the specified text string. "string" is a text string enclosed in quotation marks. The ? command finds and displays the most recent command in the history buffer that contains the specified text string.
SAFECOM Session-Control Commands Comment Delimiters ! entered with no line number or text string, specifies that the last command line in the command history buffer is to be displayed and executed. linenum is a positive integer that specifies the number of the command line in the history buffer that you want to retrieve and execute. -linenum is a negative integer that specifies the number of the command line to be retrieved and executed relative to the current line number. string is a text string.
SAFECOM Session-Control Commands Continuation Character -(two hyphens) are the delimiters that separate the command from the comment. any-phrase is any phrase or descriptive remark that follows the delimiter. The phrase cannot contain -- (two hyphens). end-of-line the carriage return is the end-of-line terminator. Alternately, the two hyphens can be eliminated as delimiters if the end-of-line terminator is included after your comment in any-phrase.
SAFECOM Session-Control Commands Continuation Character the elements of the ACCESS specification. Commas separate other command elements.
5 User Security Commands SAFECOM user security commands are restricted such that, only specific users can execute the commands and thereby control user security. These users include system managers, security administrators, and group managers, as qualified by the list of users specified with OBJECTTYPE USER. SAFECOM commands can add user IDs to the system, delete user IDs from the system, and suspend user IDs ability to log on to the system.
Who Can Manage User Security User Security Commands user’s ability to log on to the system, and delete the user (ALTER USER, FREEZE USER, THAW USER, and DELETE USER commands, respectively). The original primary owner and the secondary owners of a user authentication record can change the OWNER attribute to the user ID of any other user. That other user then has control of the user’s ability to access the system.
User Security Command Summary User Security Commands Table 5-1. Who Can Use the User Security Commands (page 2 of 2) USER Command Who Can Use ADD USER If no ACL exists for OBJECTTYPE USER, the local group manager can add a member of an existing group. The local super ID can add members of a group or add a group manager. If an ACL exists for OBJECTTYPE USER, only members listed in that ACL can add users. (Thereafter, the owner can manage the user record).
The Syntax of User Security Commands User Security Commands The Syntax of User Security Commands The rest of this section contains individual syntax descriptions for the user security commands.
ADD USER Command User Security Commands group-name.member-name is the user name of the user added to the system. If group-name does not match any existing group-name and if group-num is not assigned to an existing group-name, a new administrative group is added to the system, with this user being the first member of the group.
ADD USER Command User Security Commands the initial default values, see RESET USER Command on page 5-35. You can change the initial default values with the SET command.
ADD USER Command User Security Commands Adding a user with the ADD USER command creates a Safeguard user authentication record for the user that contains predefined user attribute values. (For the predefined values, see RESET USER Command on page 5-35.) • Newly installed Safeguard software expands the existing USERID file.
ADD USER Command User Security Commands Examples 1. The group manager for a new marketing group (group name PRS and group number 86) uses this command to add the first member (other than the group manager) to the group: =ADD USER prs.darlene , 86,1 , PASSWORD market This command adds a user who has the user name PRS.DARLENE and the user ID 86,1. Darlene’s logon password is market. The other user attributes for PRS.DARLENE have their default values. 2.
ADD USER Command User Security Commands The report shows: TYPE USER OWNER 86,255 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = 26JUN05, 0:00 = * NONE * = 60 DAYS = * NONE * = NUNU = $SYSTEM.
ALTER USER Command User Security Commands ALTER USER Command ALTER USER changes one or more user attributes in a user’s authentication record. Only the primary owner and secondary owners of a user’s authentication record, the primary owner’s group manager, or the local super ID can use ALTER USER to change the user-attribute values in a user’s authentication record. For all attributes other than REMOTEPASSWORD, the ALTER USER command replaces the current attribute value with the newly specified value.
ALTER USER Command User Security Commands LIKE changes the values of all user attributes except: PASSWORD [password] REMOTEPASSWORD \system-name remote-password GUARDIAN [DEFAULT] SECURITY ["]string["] GUARDIAN [DEFAULT] [SUB]VOLUME [\system.]$vol.
ALTER USER Command User Security Commands If you omit owner-id, it is set to your user ID. OWNER-LIST [[-]user-list] changes the secondary ownership of a user’s authentication record by adding or deleting owners in the owner list. A minus sign (-) preceding user-list indicates that the specified users are to be deleted from the existing owner list. If the minus sign is omitted, the specified users are added to the owner list. If user-list is omitted, the owner list is set to null (no secondary owners).
ALTER USER Command User Security Commands character. The case of the letters is preserved. Lowercase letters remain lowercase, and uppercase remain uppercase. If omitted, the value for password is set to null. In this case, a password is not required for the user to log on to the system. The password is subject to the restrictions imposed by the configuration options described in Section 16, Safeguard Subsystem Commands. WARNING. Only the first eight characters of the password will be considered.
ALTER USER Command User Security Commands PASSWORD-MUST-CHANGE [EVERY num DAYS] changes the maximum number of days that a user can use the same password. For num, specify an integer from 1 through 32,767. Changing the PASSWORD-MUST-CHANGE attribute causes the Safeguard software to calculate a new PASSWORD-EXPIRES date. The PASSWORDEXPIRES date is set to the current date plus num days.
ALTER USER Command User Security Commands year is a 4-digit integer, specifying the year. Note. The YEAR can take any value in the range of one minus the current year up to a maximum value of 9999. For example, If the current year is 2010, the YEAR field can take any value in the range 2009 to 9999. hour is an integer from 0 to 23, specifying the hour. min is an integer from 0 to 59, specifying the minute.
ALTER USER Command User Security Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage a user’s authentication record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of the audit-specs, see the SET USER Command on page 5-40. Omitting audit-spec specifies NONE. AUDIT-USER-ACTION-PASS [audit-spec] changes the audit-spec for successful events performed by this user.
ALTER USER Command User Security Commands semicolons, and the ASCII null character. The case of the letters is preserved; lowercase letters remain lowercase, and uppercase letters remain uppercase. You cannot set multiple remote passwords with one command. DEFAULT-PROTECTION [ obj-attr ] [ ( obj-attr [ , obj-attr ] ...) ] changes one or more attributes to be assigned immediately to new disk files created by processes with a PAID equal to this user ID.
ALTER USER Command User Security Commands group-name. You can include it in the command for readability. group-name is the name of a group to which the user already belongs. group-num is the number of a group to which the user already belongs. You can specify the primary group by group name or by group number, but not both. You cannot include PRIMARY-GROUP NAME and PRIMARY-GROUP NUMBER attributes in the same command.
ALTER USER Command User Security Commands If you omit prog-filename, the other user attributes associated with CIPROG prog-filename in this record are not meaningful. CI-LIB [lib-filename] changes the library file to be used with the command interpreter that is started when this user is authenticated at a Safeguard terminal. lib-filename must be a local file name. If you omit lib-filename, no library file is used.
ALTER USER Command User Security Commands TEXT-DESCRIPTION "[text]" specifies a string of characters to replace the existing text description for this record. Because SAFECOM allows a maximum command length of 528 characters, the specified text string must contain fewer than 528 characters. You can specify a longer descriptive text string by using the Safeguard SPI interface, as described in the Safeguard Management Programming Manual. All text within the quotation marks is considered descriptive text.
ALTER USER Command User Security Commands RESET-STATIC-FAILED-LOGON-COUNT resets the value of the attribute STATIC-FAILED-LOGON-COUNT to 0. Note. The RESET-STATIC-FAILED-LOGON-COUNT field is supported only on systems running H06.10 and later H-series and G06.32 and later G-series RVUs. Considerations • Changing your logon password Only the owner of a user’s authentication record or the owner’s group manager can use the ALTER USER command to change a user’s password.
DELETE USER Command User Security Commands record to the user who has user ID 86,2 and to require that Darlene change her logon password every 35 days: =ALTER USER prs.darlene, OWNER admin.sue, & =PASSWORD-MUST-CHANGE EVERY 35 DAYS Because the OWNER attribute for PRS.DARLENE was changed to a member of another group, PRS.MANAGER can no longer manage this authentication record. 2. The primary owner of the user authentication record for ACCTG.
DELETE USER Command User Security Commands USER specifies USER as the object type of the DELETE command. Omit it if USER is the assumed object type. (For more information about assumed types, see the ASSUME Command on page 4-3.) user-spec specifies the user or users to be deleted from the system. user-spec can be any of: group-num , member-num group-name.member-name group-num , * *,* group-name and member-name can contain wild-card characters.
FREEZE USER Command User Security Commands the group’s AUTO-DELETE attribute is OFF, you can delete the group only with the DELETE GROUP command. (For more information, see INFO GROUP Command on page 7-14.) Examples 1. The group manager for the ACCTG group enters this command to delete the user ACCTG.HARRY: =DELETE USER acctg.harry 2. The group manager for the PROG group enters this command to delete all users in the PROG group who are also members of the TEMP group: =DELETE USER prog.
FREEZE USER Command User Security Commands WHERE expression causes the FREEZE command to apply only to authentication records for users who belong to the groups specified by expression. For a description of WHERE expression, see the ALTER USER Command on page 5-10. Considerations • Freezing the super ID (255,255) The super ID can be frozen. The result of freezing the super ID is that this ID cannot log on.
INFO USER Command User Security Commands INFO USER Command INFO USER displays a report about the user-attribute values currently stored in a user’s authentication record. Use of the INFO USER command is limited to these users: • • • • The user The primary and secondary owners of the user’s authentication record The primary owner’s group manager The super ID INFO [ / OUT listfile / ] USER { user-spec | ( user-spec [ , user-spec ] ... ) } [ [ , ] option ] [ , option ] ...
INFO USER Command User Security Commands AUDIT CI OSS REMOTEPASSWORD DEFAULT-PROTECTION GROUP OWNER-LIST ALIAS TEXT-DESCRIPTION WHERE expression GENERAL displays the basic user attributes, including password settings, user expiration, UID, Guardian security, and Guardian default volume. DETAIL displays all user attributes, including those displayed by all other options. AUDIT displays only attributes related to auditing. CI displays only attributes related to the default command interpreter.
INFO USER Command User Security Commands WHERE expression causes information to be displayed only for users who belong to the groups specified by expression. For a description of WHERE expression, see ALTER USER Command on page 5-10. INFO USER Brief Report Figure 5-1 shows the format of the brief INFO USER report. A description of the userattribute values and status fields immediately follows it. Figure 5-1. INFO USER Brief Report Format GROUP.
INFO USER Command User Security Commands STATUS status indicates this user’s current status. status can be any of: USEREXP The user’s ability to log on to the system has expired. Until the user’s USER-EXPIRES date is changed to some future date, the user cannot log on to the system. PSWDEXP The user’s password has expired. Until the user’s password is changed or until the user’s PASSWORD-MUST-CHANGE period is extended (through the ALTER USER command), the user cannot log on to the system.
INFO USER Command User Security Commands Figure 5-2. INFO USER Detailed Report Format GROUP.
INFO USER Command User Security Commands UID = uid is the scalar view of this user’s user ID. USER-EXPIRES = date, time is the date and time when this user’s ability to log on to the system will be suspended (in local civil time). After the USER-EXPIRES command suspends a user’s ability to log on to the system, changing the user’s USER-EXPIRES attribute to some future date restores that ability. PASSWORD-EXPIRES = date, time is the date and time when this user’s password will expire.
INFO USER Command User Security Commands FROZEN/THAWED = frozen | thawed indicates whether or not a user’s access to the system has been frozen. While a user’s access to the system is frozen, the user cannot log on to the system. STATIC FAILED LOGON COUNT = count is the number of total unsuccessful logon attempts that made with this user’s user name since it was created. The maximum value for this attribute is 2,147,483,647.
INFO USER Command User Security Commands TEXT-DESCRIPTION = [ "text" ] is the descriptive text associated with the user authentication record. BINARY-DESCRIPTION-LENGTH = length is the length in bytes of the binary description field for the user authentication record. If no binary description was specified for the record, length is 0. For more information about the binary description field, see the Safeguard Management Programming Manual.
INFO USER Command User Security Commands PRIMARY-GROUP = group is the group name of the user’s primary group. GROUP = group is the group name of each group in the user’s group list. The user’s administrative group always appears in the group list. Other groups are those specified by the MEMBER attribute of the ADD or ALTER GROUP commands. [REMOTEPASSWORD = \system-name remotepassword ] is a remote password defined for the specified system name.
RESET USER Command User Security Commands 2. This command displays the group list for each user in administrative group 255 who also belongs to group SECURE: =INFO USER 255,*, GROUP, WHERE GROUP=SECURE RESET USER Command RESET USER resets the current default user-attribute values to predefined values. (The predefined reset values are the values of the default user attributes when you begin a SAFECOM session.
RESET USER Command User Security Commands INITIAL-DIRECTORY INITIAL-PROGRAM INITIAL-PROGTYPE CI-PROG CI-LIB CI-CPU CI-NAME CI-SWAP CI-PRI CI-PARAM-TEXT The predefined values for the user attributes are: OWNER owner-id is set to the user ID of the current SAFECOM user. OWNER-LIST user-list is set to null (no secondary owners). PASSWORD password is set to null. (No password is required to log on). USER-EXPIRES date,time are set to null (no expiration date). PASSWORD-MUST-CHANGE num days is set to null.
RESET USER Command User Security Commands AUDIT-MANAGE-FAIL audit-spec is set to NONE. AUDIT-USER-ACTION-PASS audit-spec is set to NONE. AUDIT-USER-ACTION-FAIL audit-spec is set to NONE. TEXT-DESCRIPTION text is set to null (no description text). REMOTEPASSWORD The remote password list is set to null (no remote passwords). DEFAULT-PROTECTION The default protection record is set to null. (New files remain under Guardian protection until explicitly added to the Safeguard database.
RESET USER Command User Security Commands CI-CPU cpu-number is set to ANY. CI-NAME process-name is set to null. (The Safeguard software generates a name.) CI-SWAP $vol is set to null. (Use same volume as CI-PROG object file.) CI-PRI priority is set to null. (Use the value of CI-PRI in the Safeguard configuration record.) CI-PARAM-TEXT startup-param-text is set to null. (No data is supplied in startup message text.
RESET USER Command User Security Commands The report shows: TYPE USER OWNER 86,2 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = * NONE * = * NONE * = 30 DAYS = * NONE * = NUNU = $DATA2.
SET USER Command User Security Commands The report shows: TYPE USER OWNER 86,255 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = * NONE * = * NONE * = * NONE * = * NONE * = OOOO = $SYSTEM.
SET USER Command User Security Commands LIKE user sets some of the current default user attribute values to the same as those currently defined for the user or alias specified with user. user is one of the following: group-num,member-num group-name.member-name alias LIKE sets the current default values for all user attributes except: PASSWORD [password] REMOTEPASSWORD \system-name remote-password GUARDIAN [DEFAULT] SECURITY ["]string["] GUARDIAN [DEFAULT] [SUB]VOLUME [\system.]$vol.
SET USER Command User Security Commands CI-PARAM-TEXT [startup-param-text] OWNER [owner-id] specifies the owner of a user authentication record. For owner-id, specify either of: [\*.]group-name.member-name [\*.]group-num , member-num If you omit owner-id, your user ID becomes the current owner-id. OWNER-LIST [[-]user-list] changes the secondary ownership of a user’s authentication record by adding or deleting owners in the owner list.
SET USER Command User Security Commands PASSWORD [password] specifies a logon password for a user. Typically, users must enter their user name and a password to log on to a system. For password, specify the user’s logon password, which can be one to eight characters long. Use any alphanumeric characters except blanks, commas, semicolons, and the ASCII null character. The case of letters in a password is preserved. Lowercase letters remain lowercase, and uppercase letters remain uppercase.
SET USER Command User Security Commands When you add a user with a PASSWORD-MUST-CHANGE attribute, the Safeguard software calculates a PASSWORD-EXPIRES date by adding num days to the current date. If the user’s password is not changed before the PASSWORD-EXPIRES date, the user cannot log on to the system after that date (unless a PASSWORD-EXPIRY-GRACE period has been established).
SET USER Command User Security Commands hour is an integer from 0 through 23. min is an integer from 0 through 59. AUDIT-AUTHENTICATE-PASS [audit-spec] establishes an audit-spec for successful user authentication attempts. The audit-spec specifies the conditions under which the Safeguard software writes an audit record to the audit file when the user successfully logs on to the system. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All successful logons are audited.
SET USER Command User Security Commands LOCAL Only unsuccessful logons from the local system are audited. REMOTE This form has no effect. Remote authentication is not supported. NONE No unsuccessful logons are audited. Omitting audit-spec specifies NONE. AUDIT-MANAGE-PASS [audit-spec] establishes an audit-spec for successful attempts to manage a user’s authentication record.
SET USER Command User Security Commands ALL All unsuccessful management attempts are audited. LOCAL Only unsuccessful management attempts from the local system are audited. REMOTE Only unsuccessful management attempts from a remote system are audited. NONE No unsuccessful management attempts are audited. Omitting audit-spec specifies NONE.
SET USER Command User Security Commands AUDIT-USER-ACTION-FAIL [audit-spec] establishes an audit-spec for unsuccessful events attempted by this user, including attempts to access objects and attempts to create or manage Safeguard protection records. The audit-spec specifies the conditions under which the Safeguard software writes an audit record to the audit file when the user unsuccessfully attempts to perform an event. Note.
SET USER Command User Security Commands \system-name is the system for which the remote password is to be assigned. The \system-name value must be a valid system name. remote-password is the remote password assigned to \system-name. For remotepassword, specify a string of one to eight characters. You can use any character in a remote password except blanks, commas, semicolons, and the ASCII null character. The case of letters is preserved.
SET USER Command User Security Commands GUARDIAN [DEFAULT] [SUB]VOLUME [\system.]$vol.subvol specifies the Guardian default subvolume. The word DEFAULT and the prefix SUB are optional. You can include them in the command for readability. \system is also optional. If you omit \system, the current system is assumed. $vol specifies the user’s default volume, and subvol specifies the default subvolume. If no GUARDIAN VOLUME is specified, the default subvolume is set to $SYSTEM.NOSUBVOL.
SET USER Command User Security Commands If you omit CI-PROG prog-filename in the user authentication record, the Safeguard software starts the PROG (with associated parameters) in the definition record for the terminal at which the user logs on. If you do not specify PROG in the terminal definition record, the Safeguard software starts the CIPROG (with associated parameters) specified in the Safeguard configuration record.
SET USER Command User Security Commands Considerations • An expired user cannot log on. When a user’s access expires, the user cannot log on to the system, but the user’s authentication record is not deleted. • GUARDIAN DEFAULT attributes are equivalent to using the Guardian DEFAULT command. Setting the user’s Guardian default file security or default subvolume with the GUARDIAN SECURITY or GUARDIAN VOLUME attributes is equivalent to using the Guardian DEFAULT command.
SET USER Command User Security Commands The report displays: TYPE USER OWNER 18,255 PASSWORD = lintel USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = 30SEP05, 12:00 = * NONE * = * NONE * = * NONE * = OOOO = $DATA2.
SHOW USER Command User Security Commands The report displays: GROUP.USER STATUS TEMP.
SHOW USER Command User Security Commands Figure 5-3. SHOW USER Report Format TYPE USER OWNER gn,un PASSWORD = [password] USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME AUDIT-AUTHENTICATE-PASS AUDIT-AUTHENTICATE-FAIL AUDIT-USER-ACTION-PASS AUDIT-USER-ACTION-FAIL = = = = = { date,time | * NONE * } = { date,time | * NONE * } = { n DAYS | * NONE * } = { n DAYS | * NONE * } = string = $vol.
SHOW USER Command User Security Commands PASSWORD-MUST-CHANGE EVERY = { n DAYS | * NONE * } either gives the maximum number of days that the user can retain the same password or indicates that no limit has been set. PASSWORD-EXPIRY-GRACE = { n DAYS | * NONE * } either gives the number of days after password expiration that the user can change his or her password during logon or indicates that no extension period is allowed.
SHOW USER Command User Security Commands CI-CPU = { num | ANY } either gives the number of the CPU in which the command interpreter runs or indicates any CPU is used. CI-PRI = { num | * NONE * } either gives the priority at which the command interpreter runs or indicates that no priority is assigned in the user record. CI-PARAM-TEXT = [ text ] either gives the startup parameter text supplied to the command interpreter or appears blank to indicate that no parameter is supplied.
SHOW USER Command User Security Commands The report displays: TYPE USER OWNER 86,2 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = * NONE * = * NONE * = * NONE * = * NONE * = OOOO = $SYSTEM.
THAW USER Command User Security Commands The report displays: TYPE USER OWNER 86,255 PASSWORD = macaroon USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = 15DEC05, 0:00 = * NONE * = 30 DAYS = * NONE * = NUNU = $TOPS.
THAW USER Command User Security Commands user-spec specifies the user (or users) whose ability to log on is to be restored. user-spec can be any of: group-num , member-num group-name.member-name group-num , * *,* group-name and member-name can contain wild-card characters. WHERE expression causes the THAW command to apply only to authentication records for users who belong to the groups specified by expression. For a description of WHERE expression, see the ALTER USER Command on page 5-10. Examples 1.
6 User Alias Security Commands Each user can be assigned one or more additional names, called “user aliases.” An alias is an alternate name that can be used to log on to the system. Each alias has its own alias authentication record and set of user attributes. The values assigned to the user attributes in the alias authentication record can differ from those values assigned to the user attributes in the user authentication record.
Who Can Manage User Aliases User Alias Security Commands An alias authentication record can have multiple owners. The OWNER attribute in an alias authentication record designates the record’s primary owner. The OWNER-LIST attribute optionally designates one or more secondary owners. By default, the OWNER attribute contains the user ID of the user who first created the alias authentication record.
Aliases and Access Control Lists User Alias Security Commands Table 6-1.
User Alias Command Summary User Alias Security Commands User Alias Command Summary Table 6-2 on page 6-4 summarizes each of the user alias commands. Table 6-2. User Alias Command Summary Command Function ADD ALIAS Adds a user alias to the system and creates an authentication record for that alias with the user attribute values specified in the command. For any unspecified attributes, the current default values are used. (To set default values, use the SET ALIAS command.
ADD ALIAS Command User Alias Security Commands ADD ALIAS Command ADD ALIAS adds a user alias to the system and creates a Safeguard authentication record for that alias. Once a new alias is added to the system for a user, the user can log on to the system with that alias. To execute the ADD ALIAS command, you must have the authority both to add the underlying user ID and to alter the authentication record for that user ID. For more information, see Who Can Manage User Aliases on page 6-1.
ADD ALIAS Command User Alias Security Commands group-num,member-num is the user ID of the user with which this alias is to be associated. The groupnum,member-num must already exist. LIKE user adopts the attribute values from an existing alias or user authentication record as the attribute values for the alias authentication record being added. user is an existing user, specified in one of these formats: alias group-num,member-num group-name.
ADD ALIAS Command User Alias Security Commands INITIAL-PROGRAM [prog-path] INITIAL-PROGTYPE [prog-type] CI-PROG [prog-filename] CI-LIB [lib-filename] CI-CPU [cpu-number | ANY] CI-NAME [process-name] CI-SWAP [$vol.[subvol.filename]] CI-PRI [priority] CI-PARAM-TEXT [startup-param-text] Multiple remote-password entries are not allowed on the same line.
ADD ALIAS Command User Alias Security Commands =AUDIT-AUTHENTICATE-PASS all & =PASSWORD-MUST-CHANGE EVERY 60 DAYS & =OWNER-LIST 86,6 & =TEXT-DESCRIPTION "Fred’s group" These users must change passwords for their aliases every 60 days. Their ability to log on using the aliases expires at midnight on June 28, 2005. All successful authentication attempts using the aliases are audited by the Safeguard software. User 86,6 is added as a default secondary owner of the alias authentication records.
ALTER ALIAS Command User Alias Security Commands PRS.MABEL has the user alias Mgr-Mabel and the password seaSide, and PRS.JACK has the user alias Admin-Jack and the password TROUT3. The authentication records for both aliases belong to user 86,2. 3. To add the alias BENNY1 for the user 86,4, the PRS manager uses the LIKE clause with the ADD command: =ADD ALIAS BENNY1, 86,4 , LIKE prs.
ALTER ALIAS Command User Alias Security Commands user is an existing user specified in one of these formats: alias group-num,member-num group-name.member-name LIKE changes the values of all attributes except: PASSWORD [password] REMOTEPASSWORD \system-name remote-password GUARDIAN [DEFAULT] SECURITY ["]string["] GUARDIAN [DEFAULT] [SUB]VOLUME [\system.]$vol.
ALTER ALIAS Command User Alias Security Commands OWNER [owner-id] transfers the primary ownership of an alias authentication record to the user whose user ID is specified as owner-id. For owner-id, specify either of: [\*.]group-name.member-name [\*.]group-num , member-num If you omit owner-id, it is set to your user ID. OWNER-LIST [[-]user-list] changes the secondary ownership of alias authentication record by adding or deleting owners in the owner list.
ALTER ALIAS Command User Alias Security Commands If omitted, the value for password is set to null. In this case, the password is not required for the user to log on to the system. The password is subject to the restrictions imposed by the configuration options described in Section 16, Safeguard Subsystem Commands. WARNING. Only the first eight characters of the password will be considered. USER-EXPIRES [ date [ , time] ] changes the user-expiration date to the specified date and time.
ALTER ALIAS Command User Alias Security Commands Changing the PASSWORD-MUST-CHANGE attribute causes the Safeguard software to calculate a new PASSWORD-EXPIRES date. The PASSWORDEXPIRES date is set to the current date, plus num days. After PASSWORD-EXPIRES suspends a user’s ability to log on to the system with this alias, extending the alias PASSWORD-MUST-CHANGE period can restore that ability. (For more information on how the PASSWORD-MUSTCHANGE operation works, see the SET ALIAS Command on page 6-38.
ALTER ALIAS Command User Alias Security Commands hour is an integer from 0 through 23. min is an integer from 0 through 59. Setting the PASSWORD-MUST-CHANGE attribute after setting the PASSWORD-EXPIRES attribute causes the PASSWORD-EXPIRES date calculated as a result of setting PASSWORD-MUST-CHANGE to override the explicit setting of the PASSWORD-EXPIRES attribute. AUDIT-AUTHENTICATE-PASS [audit-spec] changes the audit-spec for successful user authentication (logon) attempts with this alias.
ALTER ALIAS Command User Alias Security Commands For a description of audit-spec, see the SET ALIAS Command on page 6-38. Omitting audit-spec specifies NONE. AUDIT-USER-ACTION-PASS [audit-spec] changes the audit-spec for successful events performed using this alias. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET ALIAS Command on page 6-38. Omitting audit-spec specifies NONE.
ALTER ALIAS Command User Alias Security Commands REMOTEPASSWORD [ \system-name [ remote-password] ] adds a new remote password, changes the remote password currently defined for a particular system, or deletes a remote password. An alias can have zero, one, or many remote passwords (one for each remote system to which the alias is granted access, as well as one for the local system matching that remote system).
ALTER ALIAS Command User Alias Security Commands GUARDIAN [DEFAULT] SECURITY ["]string["] changes the Guardian default disk file security string for the alias. The word DEFAULT is optional, as are the quotes that surround the security string specifier. You can include them in the command for readability. string is a four-character string that specifies the Guardian default security string. Each position in the string can contain one of these characters: O, U, G, C, A, or N.
ALTER ALIAS Command User Alias Security Commands INITIAL-PROGRAM [prog-path] changes the initial program pathname within the OSS environment for the alias. prog-path is a case-sensitive text string of up to 256 characters. It must be a syntactically valid OSS pathname. If you specify the INITIALDIRECTORY attribute, it must be the last attribute in the command string. If you omit prog-path, the string is set to null (no pathname).
ALTER ALIAS Command User Alias Security Commands If you omit process-name, the Safeguard software generates a process name. CI-SWAP [$vol[.subvol.filename]] changes the name of the volume or file to be used as the swap volume or file for the command interpreter. $vol must be a local volume name. You can optionally supply a subvolume name and file name. If you omit $vol, the same volume that contains the CI-PROG object file is used.
ALTER ALIAS Command User Alias Security Commands RESET-TEXT-DESCRIPTION resets the text description field for this alias to a null value (the alias has no text description). Note. The RESET-TEXT-DESCRIPTION field is supported only on systems running G06.27 and later G-series RVUs and H06.06 and later H-series. RESET-BINARY-DESCRIPTION resets the binary description field for this alias to zero length and null values.
DELETE ALIAS Command User Alias Security Commands Examples 1. The PRS group manager owns the alias authentication record for Admin_Darlene. The manager enters the following command to transfer ownership of that record to the user who has user ID 14,2 and to require that Darlene change the logon password for this alias every 35 days: =ALTER ALIAS Admin_Darlene, OWNER 14,2, & =PASSWORD-MUST-CHANGE EVERY 35 DAYS Because the OWNER attribute for Admin_Darlene was changed to a member of another group, PRS.
FREEZE ALIAS Command User Alias Security Commands alias specifies the alias or aliases whose authentication records are to be deleted. alias is a text-string as defined under the ADD ALIAS command. The alias can contain wild-card characters. WHERE expression causes the DELETE command to apply only to authentication records for aliases who belong to the groups specified by expression. For a description of WHERE expression, see the ALTER ALIAS Command on page 6-9.
INFO ALIAS Command User Alias Security Commands ALIAS specifies ALIAS as the object type of the FREEZE command. Omit it if ALIAS is the assumed object type. (For more information about assumed types, see the ASSUME Command on page 4-3.) alias specifies the alias or aliases whose authentication records are to be frozen. alias is a text-string as defined under the ADD ALIAS command. The alias can contain wild-card characters.
INFO ALIAS Command User Alias Security Commands Use of the INFO ALIAS command is limited to these users: • • • • The user assigned the alias The primary and secondary owners of the alias authentication record The primary owner’s group manager The super ID Any alias of the user can execute the INFO USER command for any other alias of the user. INFO [ / OUT listfile / ] ALIAS { alias | ( alias [ , alias ] ... ) } [ [ , ] option ] [ , option ] ...
INFO ALIAS Command User Alias Security Commands TEXT-DESCRIPTION WHERE expression GENERAL displays the basic user attributes including UID, password settings, user expiration, Guardian security, and Guardian default volume. DETAIL displays all attributes, including those displayed by all other options. AUDIT displays only attributes related to auditing. CI displays only attributes related to the default command interpreter. OSS displays only attributes related to OSS initial settings.
INFO ALIAS Command User Alias Security Commands Figure 6-1. INFO ALIAS Brief Report Format NAME alias USER-ID u-id OWNER STATUS o-id [+] status NAME alias is the user alias whose current user attributes are being displayed. USER-ID u-id is the structured view of the user ID of the user associated with this alias. OWNER o-id is the user ID of the user who is the primary owner of this alias authentication record. If o-id is the network form of a user ID, the primary owner is a network user.
INFO ALIAS Command User Alias Security Commands The values of the status field are listed in the order of their priority. When two or more of the conditions described by a status value apply to a user alias, only the highest priority is displayed. For example, if a password is expired and the alias is frozen, status is displayed as PSWD-EXP.
INFO ALIAS Command User Alias Security Commands INFO ALIAS Detailed Report Figure 6-2 on page 6-28 shows the format of the detailed INFO ALIAS report. Figure 6-2.
INFO ALIAS Command User Alias Security Commands UID = u-id is the scalar view of the user ID of the user associated with this alias. LAST-LOGON = date,time is the time and date when the user last logged onto the system with this alias (in local civil time). LAST-MODIFIED = date,time is the time and date when this alias authentication record was last changed (in local civil time).
INFO ALIAS Command User Alias Security Commands PASSWORD-EXPIRY-GRACE = num DAYS specifies the number of days after password expiration that the alias password can be changed during logon. FROZEN/THAWED = frozen | thawed indicates whether or not a user’s access to the system with this alias has been frozen. While the alias is frozen, the user cannot log on to the system with this alias. CREATION-TIME = date, time specifies the date and time when the user was created.
INFO ALIAS Command User Alias Security Commands and attempts by the user to perform an event while logged on as this alias. a-spec can be: { ALL | LOCAL | REMOTE | NONE } For a full description of a-spec, see the audit-spec for the SET ALIAS command. TEXT-DESCRIPTION = ["text"] is the descriptive text associated with the alias. BINARY-DESCRIPTION-LENGTH = length is the length in bytes of the binary description field for the alias. If no binary description was specified for the alias, length is 0.
INFO ALIAS Command User Alias Security Commands INITIAL-DIRECTORY = [ dir-path ] is the initial directory pathname. It is blank if no pathname is defined. PRIMARY-GROUP = group is the group name of the primary group for this alias. GROUP = group is the group name of each group in the alias group list. Groups in this list are specified by the MEMBER attribute of the ADD or ALTER GROUP commands. [ REMOTEPASSWORD = \system-name remotepassword ] is a remote password defined for the specified system name.
RESET ALIAS Command User Alias Security Commands 2. This command displays the group list for each alias that is a member of the group Rev40: =INFO ALIAS *, GROUP, WHERE GROUP=Rev40 RESET ALIAS Command RESET ALIAS resets the current default values for user attributes to predefined values. (The predefined reset values are the values of the default user attributes when you begin a SAFECOM session.
RESET ALIAS Command User Alias Security Commands INITIAL-PROGRAM INITIAL-PROGTYPE CI-PROG CI-LIB CI-CPU CI-NAME CI-SWAP CI-PRI CI-PARAM-TEXT The predefined values for the attributes are: OWNER owner-id is set to the user ID of the current SAFECOM user. OWNER-LIST user-list is set to null (no secondary owners). PASSWORD password is set to null (no password required to log on). USER-EXPIRES date,time are set to null (no expiration date). PASSWORD-MUST-CHANGE num days is set to null.
RESET ALIAS Command User Alias Security Commands AUDIT-MANAGE-FAIL audit-spec is set to NONE. AUDIT-USER-ACTION-PASS audit-spec is set to NONE. AUDIT-USER-ACTION-FAIL audit-spec is set to NONE. TEXT-DESCRIPTION text is set to null (no descriptive text). REMOTEPASSWORD The remote password list is set to null (no remote passwords). DEFAULT-PROTECTION The default protection record is set to null. (New files remain under Guardian protection until explicitly added to the Safeguard database.
RESET ALIAS Command User Alias Security Commands CI-CPU cpu-number is set to ANY. CI-NAME process-name is set to null. (The Safeguard software generates a name.) CI-SWAP $vol is set to null. (Use same volume as CI-PROG object file). CI-PRI priority is set to null. (Use the value of CI-PRI in the Safeguard configuration record.) CI-PARAM-TEXT startup-param-text is set to null. (No data is supplied in startup message text.
RESET ALIAS Command User Alias Security Commands Examples To restore the current default user attributes (set in previous SET ALIAS commands) to their predefined values, you can first enter the SHOW ALIAS commands to display the current user attributes: =SHOW ALIAS The report shows: TYPE ALIAS OWNER 86,2 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = * NONE * = * NONE * = 30 DAYS = * NONE * = OOOO = $DATA2.
SET ALIAS Command User Alias Security Commands The report shows: TYPE ALIAS OWNER 86,255 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = * NONE * = * NONE * = * NONE * = * NONE * = OOOO = $SYSTEM.
SET ALIAS Command User Alias Security Commands user is an existing user specified in one of these formats: alias group-num,member-num group-name.member-name LIKE sets the current default values for all user attributes except: PASSWORD [password] REMOTEPASSWORD \system-name remote-password GUARDIAN [DEFAULT] SECURITY ["]string["] GUARDIAN [DEFAULT] [SUB]VOLUME [\system.]$vol.
SET ALIAS Command User Alias Security Commands OWNER [owner-id] specifies the primary owner of an alias authentication record. For owner-id, specify either of: [\*.]group-name.member-name [\*.]group-num , member-num If you omit owner-id, your user ID becomes the current owner-id. OWNER-LIST [[-]user-list] changes the secondary ownership of an alias authentication record by adding or deleting owners in the owner list.
SET ALIAS Command User Alias Security Commands preserved. Lowercase letters remain lowercase, and uppercase letters remain uppercase. If you omit password, the value for password is set to null. (No password is required for logon.) USER-EXPIRES [ date [ , time] ] establishes a date and time after which a user cannot log on to the system with this alias. Specify date and time as local civil time. If you omit both date and time, the user-expiration attribute value is set to null (no expiration date).
SET ALIAS Command User Alias Security Commands Omitting the EVERY num DAYS clause disables PASSWORD-MUSTCHANGE. (That is, the password never expires unless the PASSWORDEXPIRES attribute is set.) PASSWORD-EXPIRY-GRACE num [DAYS] specifies the number of days after password expiration during which the password for this alias can be changed during logon. For num, specify an integer from 0 through 32,767. A value of 0 means no extension period.
SET ALIAS Command User Alias Security Commands AUDIT-AUTHENTICATE-PASS [audit-spec] establishes an audit-spec for successful user authentication attempts. The audit-spec specifies the conditions under which the Safeguard software writes an audit record to the audit file when the user successfully logs on to the system with this alias. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All successful logons are audited. LOCAL Only successful logons from the local system are audited.
SET ALIAS Command User Alias Security Commands NONE No unsuccessful logons are audited. Omitting audit-spec specifies NONE. AUDIT-MANAGE-PASS [audit-spec] establishes an audit-spec for successful attempts to manage the alias authentication record. The audit-spec specifies the conditions under which an audit record is written to the audit file when the alias authentication record is managed. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All successful management attempts are audited.
SET ALIAS Command User Alias Security Commands REMOTE Only unsuccessful management attempts from a remote system are audited. NONE No unsuccessful management attempts are audited. Omitting audit-spec specifies NONE. AUDIT-USER-ACTION-PASS [audit-spec] establishes an audit-spec for successful events performed by the user logged on with this alias, including attempts to access objects and attempts to create or manage Safeguard protection records.
SET ALIAS Command User Alias Security Commands The audit-spec specifies the conditions under which the Safeguard software writes an audit record to the audit file when the alias unsuccessfully attempts to perform an event. Note. When the SAFEGUARD global configuration attributes AUDIT-CLIENT-OSS and AUDIT-OSS-FILTER are enabled, the AUDIT-USER-ACTION-FAIL attribute takes effect for OSS auditing. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All unsuccessful events are audited.
SET ALIAS Command User Alias Security Commands remote-password is the remote password assigned to \system-name. For remotepassword, specify a string of one to eight characters. Any character can be used in a remote password except blanks, commas, semicolons, and the ASCII null character. The case of letters is preserved. Lowercase letters remain lowercase, and uppercase letters remain uppercase. Only one remote password can be set with a SET command. Note.
SET ALIAS Command User Alias Security Commands $vol specifies the default volume, and subvol specifies the default subvolume. If no GUARDIAN VOLUME is specified, the default subvolume is set to $SYSTEM.NOSUBVOL. INITIAL-DIRECTORY [dir-path] specifies the initial working directory within the OSS file system for the alias. dir-path is a case-sensitive text string of up to 256 characters. It must be a syntactically valid OSS pathname.
SET ALIAS Command User Alias Security Commands PROG (with associated parameters) specified in the Safeguard configuration record. CI-LIB [lib-filename] specifies the library file to be used with the command interpreter started when this alias is authenticated at a Safeguard terminal. lib-filename must be a local file name. If you omit lib-filename, no library file is used. CI-CPU [cpu-number | ANY] specifies the number of the CPU in which the command interpreter is to run.
SET ALIAS Command User Alias Security Commands When access for an alias expires, the user cannot log on to the system with that alias, but the alias authentication record is not deleted. • GUARDIAN DEFAULT attributes are equivalent to using the Guardian DEFAULT command. Setting the Guardian default file security or default subvolume with the GUARDIAN SECURITY or GUARDIAN VOLUME attributes is equivalent to using the Guardian DEFAULT command.
SHOW ALIAS Command User Alias Security Commands The report displays: TYPE ALIAS OWNER 14,255 PASSWORD = PeaNut USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = 21SEP05, 12:00 = * NONE * = * NONE * = * NONE * = OOOO = $DATA2.
SHOW ALIAS Command User Alias Security Commands To set the default values for user attributes to specific values, use SET ALIAS. SHOW [ / OUT listfile / ] ALIAS OUT listfile directs SAFECOM output to listfile for the SHOW report. For listfile, specify any file name. SAFECOM opens listfile and appends the output text to the file. If listfile does not exist, SAFECOM creates an EDITformat file and writes the SHOW report to it. ALIAS identifies ALIAS as the object class of the SHOW command.
SHOW ALIAS Command User Alias Security Commands SHOW ALIAS Report Format The SHOW ALIAS command displays the default user attributes and their current values in the format shown in Figure 6-3 on page 6-53. Figure 6-3.
SHOW ALIAS Command User Alias Security Commands PASSWORD-EXPIRES = { date,time | * NONE * } either gives the date and time when the password expires or indicates that no expiration date has been specified. PASSWORD-MUST-CHANGE EVERY = { n DAYS | * NONE * } either gives the maximum number of days that the alias can retain the same password or indicates that no limit has been set.
SHOW ALIAS Command User Alias Security Commands CI-SWAP = { $vol[.subvol.filename] | * NONE * } either gives the swap volume or file used with the command interpreter or indicates no swap volume or file is specified. CI-CPU = { num | ANY } either gives the number of the CPU in which the command interpreter runs or indicates any CPU will be used. CI-PRI = { num | * NONE * } either gives the priority at which the command interpreter runs or indicates that no priority is assigned in the user record.
SHOW ALIAS Command User Alias Security Commands Examples 1. This sample SHOW ALIAS command displays the predefined user-attribute settings for the user who has user ID 86,2: =SHOW ALIAS The report displays: TYPE ALIAS OWNER 86,2 PASSWORD = USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = * NONE * = * NONE * = * NONE * = * NONE * = OOOO = $SYSTEM.
THAW ALIAS Command User Alias Security Commands The PRS group manager enters: =SHOW ALIAS The report displays: TYPE ALIAS OWNER 86,255 PASSWORD = Pasta USER-EXPIRES PASSWORD-EXPIRES PASSWORD-MUST-CHANGE EVERY PASSWORD-EXPIRY-GRACE GUARDIAN DEFAULT SECURITY GUARDIAN DEFAULT VOLUME = 15DEC05, 0:00 = * NONE * = 30 DAYS = * NONE * = NUNU = $TOPS.
THAW ALIAS Command User Alias Security Commands alias specifies the alias (or aliases) whose ability to log on is to be restored. alias can contain wild-card characters. WHERE expression causes the THAW command to apply to only authentication records for aliases who belong to the groups specified by expression. For a description of WHERE expression, see the ALTER ALIAS Command on page 6-9. Examples 1.
7 Group Commands The GROUP commands allow a security administrator to define user groups and manage the membership of those groups. User groups created explicitly with the ADD GROUP command can exist independently of user definitions. The groups created in this manner usually serve as file-sharing groups rather than as administrative groups. Typically, an administrative group is created implicitly with the ADD USER command, as described in Section 5, User Security Commands. Note.
Group Names and Access Control Lists Group Commands Group Names and Access Control Lists Currently, only administrative group names and numbers are allowed on Safeguard ACLs. File-sharing group names and numbers are not permitted in ACLs. However, the Safeguard software’s method of evaluating ACLs recognizes extended group membership. An ACL entry in the form group-name.
Syntax of Group Commands Group Commands Table 7-1. Group Command Summary Command Description ADD GROUP Adds a group definition record with the specified group attribute values. ALTER GROUP Changes one or more attribute values in a group definition record. DELETE GROUP Deletes a group definition record. GROUP Displays the existing attribute values in a group definition record. Syntax of Group Commands The remainder of this section describes each group command in detail.
ADD GROUP Command Group Commands alphabetic or numeric. The group-name must not already exist as an administrative group name. Note. If you want to define a group that can be subsequently used as an administrative group, the group name and group number must meet the syntactical requirements for administrative groups: • • The group name must be from one to eight alphabetic or numeric characters, the first of which must be alphabetic.
ADD GROUP Command Group Commands If you omit owner-id, your user ID becomes the current owner-id. MEMBER member-list specifies users who are granted membership in this group. member-list can be either of: net-user-spec ( net-user-spec [ , net-user-spec ...] ) net-user-spec can be either of: alias group-name.member-name Note. net-user-spec can include wild-card characters (? or *) only on systems running J06.08 and later J-series RVUs and H06.19 and later H-series RVUs.
ADD GROUP Command Group Commands If the minus sign is omitted, the specified users are added to the owner list. If userlist is omitted, the owner list is set to null (no secondary owners). A maximum of 50 users can be specified in user-list. For user-list, specify either: net-user-spec (net-user-spec [;net-user-spec ...]) net-user-spec is either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num node-spec is one of: * node-name node-number node-name specifies the system name.
ADD GROUP Command Group Commands ownership. It is subject to different restrictions, as described in Section 5, User Security Commands. • • • • • • Although it is syntactically valid to create a group with a name that consists of all numbers, HP does not recommend this practice. A numeric name might cause confusion between the group name and group number even though the Safeguard software can distinguish between them.
ALTER GROUP Command Group Commands 5. The following command adds a group definition record for the group named MYGROUP2, which is assigned the group number 102. Wild -card character, *.*, is used to add all users and aliases in the Guardian user name format to the group. No descriptive text is included. =ADD GROUP MYGROUP2, NUMBER 102, MEMBER *.* 6. The following command adds a group definition record for the group named MYGROUP3, which is assigned the group number 103.
ALTER GROUP Command Group Commands name-list can be either of: group-name ( group-name [ , group-name ] ... ) group-name can be any group name. The name can contain wild-card characters. NUMBER num-list specifies the numeric ID of the group or groups to be altered. The num-list can contain up to 32 entries. num-list specifies one or more groups for which definition records are to be altered. num-list can be either of: group-num ( group-num [ , group-num] ... ) group-num can be any group number.
ALTER GROUP Command Group Commands to the group. member-list preceded by a minus sign (-) indicates that the list is to be removed from the group. member-list can either of these forms: net-user-spec ( net-user-spec [ , net-user-spec ...] ) net-user-spec can be either of: alias group-name.member-name Note. net-user-spec can include wild-card characters (? and *).This feature is supported only on systems running J06.08 and later J-series RVUs and H06.19 and later H-series RVUs. The group number.
ALTER GROUP Command Group Commands If the minus sign is omitted, the specified users are added to the owner list. If userlist is omitted, the owner list is set to null (no secondary owners). A maximum of 50 users can be specified in user-list. For user-list, specify either: net-user-spec (net-user-spec [;net-user-spec ...]) net-user-spec is either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num node-spec is one of: * node-name node-number node-name specifies the system name.
DELETE GROUP Command Group Commands Examples 1. The following command changes the description of the group assigned group number 656: =ALTER GROUP NUMBER 656 DESCRIPTION All first- and & =second-shift system administrators 2. The following command changes the description of the group Rel20 and all groups whose names begin with Test: =ALTER GROUP NAME (Test*, Rel20) DESCRIPTION Temporary & =group for system test purposes 3. The following command adds the user PROG4.
DELETE GROUP Command Group Commands [ NAME ] name-list specifies the name of the group or groups to be altered. name-list specifies one or more groups for which definition records are to be deleted. The name-list can contain up to 32 entries. name-list can be either of: group-name ( group-name [ , group-name ] ... ) group-name can be any group name. The name can contain wild-card characters. NUMBER num-list specifies the numeric ID of the group or groups to be altered.
INFO GROUP Command Group Commands INFO GROUP Command The INFO GROUP command shows the group attributes stored in a specified group definition record. Only the record owner, that owner’s group manager, and the super ID user can view their group details by executing the INFO GROUP command. INFO GROUP { [ NAME ] name-list | NUMBER num-list } [ [ , ] DETAIL ][, OWNER-LIST] [ NAME ] name-list specifies the name of the group or groups for which information is to be displayed.
INFO GROUP Command Group Commands OWNER-LIST [[-]user-list] changes the secondary ownership of a group record by adding or deleting owners in the owner list. A minus sign (-) preceding user-list indicates that the specified users are to be deleted from the existing owner list. If the minus sign is omitted, the specified users are added to the owner list. If userlist is omitted, the owner list is set to null (no secondary owners). A maximum of 50 users can be specified in user-list.
INFO GROUP Command Group Commands net-user-spec (net-user-spec [;net-user-spec ...]) net-user-spec is either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num node-spec is one of: * node-name node-number node-name specifies the system name. node-number specifies the Expand node number. group-name specifies the name of any group. group-num specifies the group number of any group. INFO GROUP Brief Report Figure 7-1 shows the format of the brief INFO GROUP report.
INFO GROUP Command Group Commands Figure 7-1. INFO GROUP Brief Report Format GROUP NAME group-name NUMBER groupnum OWNER o-id LAST-MODIFIED date,time Figure 7-1 contains the following group attribute values and status fields: GROUP NAME group-name is the name of the group whose attributes are being displayed. NUMBER group-num is the group number of the group. OWNER o-id is the user ID of the user who owns this group definition record.
INFO GROUP Command Group Commands CREATOR-USER-NAME = user-name/alias-name specifies the username of the user who created the user. CREATOR-USER-TYPE = USER/ALIAS ( uid ) identifies if the creator is an alias or a user, followed by the user ID of the creator. CREATOR-NODENUMBER = num specifies the system number where the user is created. AUTO-DELETE = { ON/OFF } is the AUTO-DELETE group attribute, which is a read-only attribute. It cannot be set through SAFECOM.
INFO GROUP Command Group Commands net-user-spec (net-user-spec [;net-user-spec ...]) net-user-spec is either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num node-spec is one of: * node-name node-number node-name specifies the system name. node-number specifies the Expand node number. group-name specifies the name of any group. group-num specifies the group number of any group.
INFO GROUP Command Group Commands match the specified wild-card expression, Safeguard does not display Security Violation error. Instead, it displays the records it has access to. • If the group name does not contain wild-card characters and if the user does not have sufficient privileges to retrieve information about the specified group, a Security Violation error is displayed. Examples 1.
INFO GROUP Command Group Commands Display shall be as shown below: GROUP NAME NUMBER TEST OWNER 5 LAST-MODIFIED 255,255 8AUG11, 14:10 GROUP OWNER-LIST SECTION UNDEFINED! To display detailed report of the group. The secondary owners exist for the group. = INFO GROUP TEST, DETAIL GROUP NAME NUMBER TEST OWNER 5 255,255 CREATION-TIME = CREATOR-USER-NAME = SUPER.
INFO GROUP Command Group Commands 1. The following displays the detailed report of the group.The secondary owners do not exist for the group. = INFO GROUP TEST, DETAIL GROUP NAME NUMBER TEST OWNER 5 255,255 CREATION-TIME = CREATOR-USER-NAME = SUPER.SUPER CREATOR-USER-TYPE = USER 8AUG11, 14:10 CREATOR-NODENUMBER = AUTO-DELETE LAST-MODIFIED (255,255) 167 = ON DESCRIPTION = MEMBER = testuse1 MEMBER = TEST.MGR MEMBER = TEST.USER1 MEMBER = TEST.USER2 MEMBER = TEST.
8 Disk-File Security Commands The SAFECOM disk file security commands give disk-file owners access control of protected disk files and the ability to specify when to audit attempts to access and manage the authorization records for these files. By default, only the disk file’s owner, the owner’s group manager, or the super ID can add a Safeguard authorization record unless a list of users is specified by the OBJECTTYPE DISKFILE. (For more information, see Section 12, OBJECTTYPE Security Commands.
Disk-File Access Authorities Disk-File Security Commands Any user with OWNER authority on the ACL can explicitly deny a local super ID any of the authorities (including OWNER) implicitly granted to that user ID and have this denial actively enforced all of the time. The primary owner can also set the PROGID attribute through the ALTER DISKFILE command. The PROGID attribute is controlled by the super ID, primary owners, and secondary owners, and is not transferable.
Disk-File Access Authorization Disk-File Security Commands The Safeguard software can also control the creation of disk files on specific volumes or subvolumes. For a description of the SAFECOM commands that control file-creation authority, see Section 9, Disk Volume and Subvolume Security Commands.
Disk-File Security Command Summary Disk-File Security Commands Table 8-1. Access Authority Required to Rename a File Current File Name New File Name Result Yes Yes - Yes Yes Yes Yes Yes - Yes No No Yes No - - - No Note. If a persistent protection record exists for the new file name, the renamed file assumes that persistent ACL.
Syntax of Disk-File Security Commands Disk-File Security Commands Table 8-2. Disk-File Security Command Summary (page 2 of 2) Command Description FREEZE DISKFILE* Temporarily suspends access to a disk file. (Only the file owner, the owner’s group manager, and the super ID can access a frozen disk file.) FREEZE DISKFILEPATTERN* Suspends access authority to a diskfile pattern. No one except an owner, the primary owner's group manager, and the super ID can gain access to the frozen pattern.
ADD DISKFILE Command Disk-File Security Commands • • • • The syntax of the command, including descriptions of the command parameters and variables The format for the command listing or report (for commands that produce displays or listings) Considerations for the use of the command Examples of command usage ADD DISKFILE Command ADD DISKFILE creates a Safeguard authorization record for one or more existing disk files.
ADD DISKFILE Command Disk-File Security Commands LIKE disk-file-name adopts the existing attribute values of disk-file-name as the disk-fileattribute values to be used for the authorization record or records being added. disk-file-name identifies the disk file whose current disk-file-attribute values are to be assigned to the disk-file authorization record or records being added. diskfile-name can be any disk-file name.
ADD DISKFILE Command Disk-File Security Commands An ACL contains as many as 50 entries that grant or deny access authorities to users and user groups. access-spec has the form: user-list [-] [DENY] authority-list group-list [-] [DENY] authority-list user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either of: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of: [\node-spec.
ADD DISKFILE Command Disk-File Security Commands node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. admin-group-name specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL.
ADD DISKFILE Command Disk-File Security Commands authority is any one of: R[EAD] W[RITE] E[XECUTE] P[URGE] C[REATE] O[WNER] * (asterisk) specifies all the disk-file access authorities except CREATE authority (R, W, E, P, and O). LICENSE {ON|OFF} either licenses a program object file or revokes the license of a currently licensed program object file. (For more information about the LICENSE attribute, see SET DISKFILE Command on page 8-57.
ADD DISKFILE Command Disk-File Security Commands disk file are physically cleared when the file is purged. (For more information about the CLEARONPURGE, see SET DISKFILE Command on page 8-57.) CLEARONPURGE ON indicates that when a disk file is purged, its entry in the volume directory is deleted, and its data pages are physically cleared. CLEARONPURGE OFF indicates that when a disk file is purged, its entry in the volume directory is deleted.
ADD DISKFILE Command Disk-File Security Commands For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. AUDIT-ACCESS-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to access the disk file. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE.
ADD DISKFILE Command Disk-File Security Commands A process originated from a program file calling USER_AUTHENTICATE_ with a 2 and 15 bit set to ON, the requesting user for authentication need not give a password. Even with wrong password the user will be able to logon successfully as bit 2 and 15 in the options field. In case of only bit 2 set to 1 and bit 15 as 0; no fail delay will take place. That is, no failure delay will be imposed even after three attempts with wrong password.
ADD DISKFILE Command Disk-File Security Commands You can use the LIKE disk-file-name clause to define all the disk-file attribute values for a disk file, and then change one or more of the attribute values by specifying new values after the LIKE keyword. For example, this command adds an authorization record for MEMO1 that has the same disk-file attribute values as MEMO2 except for the OWNER attribute: =ADD DISKFILE memo1, LIKE memo2, OWNER sales.
ADD DISKFILE-PATTERN Command Disk-File Security Commands Only a local super ID can add an authorization record for a licensed program object file and retain the license attribute in the newly added authorization record. Caution. When adding an authorization record for a licensed program object file, set the LICENSE attribute value to ON. If the LICENSE attribute is OFF (the default value), the license for that object file is revoked.
ADD DISKFILE-PATTERN Command Disk-File Security Commands attributes in your ADD DISKFILE-PATTERN command. The current default values are used for any attributes not specified in your ADD DISKFILE-PATTERN command. ADD DISKFILE-PATTERN pattern-spec-list [ , ] [ LIKE pattern-spec | pattern-attribute ] [ , pattern-attribute ] ... pattern-spec-list is the same as the corresponding non-pattern object types. That is, a PATTERNSPEC-LIST is a comma-separated list of one or more PATTERN-SPEC attributes.
ADD DISKFILE-PATTERN Command Disk-File Security Commands OWNER [owner-id] specifies the new owner of the diskfile pattern. owner-id can be either of: [\*.]group-name.member-name [\*.]group-num , member-num If you omit owner-id, owner-id is set to your user ID. ACCESS access-spec [ ; access-spec ] ... changes the ACL for filename-list by adding or deleting ACL entries or by changing the authority list of a current ACL entry.
ADD DISKFILE-PATTERN Command Disk-File Security Commands net-group-spec can take any of these forms: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec has the form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. admin-group-name specifies the group number of an administrative group. group-name specifies the name of any group.
ADD DISKFILE-PATTERN Command Disk-File Security Commands authority-list specifies the access authorities to be granted (or denied) to user-list. authority-list can be any one of: authority ( authority [ , authority ] ... ) * authority is any one of: R[EAD] W[RITE] E[XECUTE] P[URGE] C[REATE] O[WNER] * (asterisk) specifies all the disk-file access authorities (R, W, E, P, C, and O). AUDIT-ACCESS-PASS [audit-spec] changes the audit-spec for successful attempts to access the diskfile pattern.
ADD DISKFILE-PATTERN Command Disk-File Security Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage (change or read) a diskfile-pattern authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. WARNING-MODE { ON | OFF } defines whether the warning mode is enabled for the specified diskfile pattern. The value is required.
ALTER DISKFILE Command Disk-File Security Commands You can use the LIKE disk-file-name clause to define all the disk-file attribute values for a disk file, and then change one or more of the attribute values by specifying new values after the LIKE keyword. For example, this command adds an authorization record for MEMO1 that has the same disk-file attribute values as MEMO2 except for the OWNER attribute: =ADD DISKFILE memo1, LIKE memo2, OWNER sales.
ALTER DISKFILE Command Disk-File Security Commands spec to the existing ACL. To remove authorities previously granted to users, use the minus-sign (-) form of access-spec. ALTER DISKFILE filename-list [ , ] { LIKE disk-file-name | disk-file-attribute } [ , disk-file-attribute ] ... DISKFILE specifies DISKFILE as the object type of the ALTER command. Omit it if DISKFILE is the assumed object type. (For more information on assumed object types, see the ASSUME Command on page 4-3.
ALTER DISKFILE Command Disk-File Security Commands CLEARONPURGE {ON|OFF} PERSISTENT {ON|OFF} OBJECT-TEXT-DESCRIPTION "[any-text]" RESET-OBJECT-TEXT-DESCRIPTION AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] WHERE option-list WARNING-MODE {ON|OFF} TRUST {ME|SHARED|OFF} (H-series only) AUDIT-PRIV-LOGON { ON | OFF} PRIV-LOGON { ON | OFF} Note.
ALTER DISKFILE Command Disk-File Security Commands net-user-spec can be any of: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.]adm-group-name.* [\node-spec.]adm-group-num , * [\node-spec.]*.* [\node-spec.]*,* (minus-sign) operates on the existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list.
ALTER DISKFILE Command Disk-File Security Commands group-num specifies the group number of any group. (minus-sign) operates on the existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. DENY denies the users or groups specified by user-list the access authorities specified by authority-list.
ALTER DISKFILE Command Disk-File Security Commands LICENSE OFF revokes the license of all program object files specified with filenamelist. PROGID {ON|OFF} changes the PROGID attribute of a program object file. When the PROGID attribute is set to ON, the process accessor ID (PAID) of a process that is executed from that object file is set to the user ID of the primary owner of the object file.
ALTER DISKFILE Command Disk-File Security Commands PERSISTENT OFF indicates that the authorization record for the disk file is deleted if the file is purged. OBJECT-TEXT-DESCRIPTION “[any-text]” allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record. The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any.
ALTER DISKFILE Command Disk-File Security Commands AUDIT-MANAGE-PASS [audit-spec] changes the audit-spec for successful attempts to change or read a disk file authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to change or read a disk file authorization record.
ALTER DISKFILE Command Disk-File Security Commands PRIV-LOGON { ON | OFF} establishes whether the program file (object disk file) can request additional logon related sensitive features. When set to ON, a process created from this program file can request a logon without specifying a password. A process originated from a program file calling USER_AUTHENTICATE_ with a 2 and 15 bit set to ON, the requesting user for authentication need not give a password.
ALTER DISKFILE Command Disk-File Security Commands The following two commands perform similar functions but are not strictly equivalent: FUP SECURE filename-list , "security-string" ALTER DISKFILE filename-list , ACCESS access-spec [ ; access-spec ] ... An access-spec can include or deny specific users or groups of users to which the owner does not belong. A security-string does not have this flexibility.
ALTER DISKFILE-PATTERN Command Disk-File Security Commands A process is created from the object test such that purge permission is granted to user x.y. ALTER DISKFILE-PATTERN Command ALTER DISKFILE-PATTERN changes one or more diskfile-pattern attribute values in an existing diskfile-pattern authorization record. The primary owner of a pattern, the primary owner’s group manager, the local super ID, and any user with OWNER authority on the ACL can change a pattern authorization record.
ALTER DISKFILE-PATTERN Command Disk-File Security Commands • • A subvolume name, which might include wildcard characters and valid subvolume characters. A file name, which might include wildcard characters and valid file name characters. WHERE option-list specifies that only disk files in filename-list that have WARNING-MODE set are to be altered.
ALTER DISKFILE-PATTERN Command Disk-File Security Commands access-spec has the form: user-list [-] [DENY] authority-list group-list [-] [DENY] authority-list user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either of: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.]adm-group-name.
ALTER DISKFILE-PATTERN Command Disk-File Security Commands node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. admin-group-name specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on the existing ACL entries. The minus-sign form of access-spec modifies the current default ACL.
ALTER DISKFILE-PATTERN Command Disk-File Security Commands authority is any one of: R[EAD] W[RITE] E[XECUTE] P[URGE] C[REATE] O[WNER] * (asterisk) specifies all the disk-file access authorities (R, W, E, P, C, and O). AUDIT-ACCESS-PASS [audit-spec] changes the audit-spec for successful attempts to access the diskfile pattern. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE.
DELETE DISKFILE Command Disk-File Security Commands WARNING-MODE { ON | OFF } defines whether the warning mode is enabled for the specified diskfile pattern. The value is required. For more information on warning mode, see the Safeguard Administrator's Manual. ON enables warning mode for the specified diskfile pattern. The initial value is OFF, which disables warning mode for the specified diskfile pattern.
DELETE DISKFILE Command Disk-File Security Commands Guardian security system and is no longer subject to Safeguard authorization checks or Safeguard auditing. Using DELETE DISKFILE to delete a disk-file authorization record does not delete the file. To delete a file, use the FUP PURGE command, the PURGE command in the command interpreter, or the PURGE procedure. When a disk file is purged, its authorization record is automatically deleted.
DELETE DISKFILE-PATTERN Command Disk-File Security Commands TRUSTME (H-series only) TRUSTSHARED (H-series only) Considerations • Deleting a disk-file authorization record places the file under standard Guardian security. When you delete a disk-file authorization record, the disk file is no longer subject to Safeguard authorization checks and auditing. All subsequent accesses to the disk file are subject to standard Guardian disk-file security checks.
DELETE DISKFILE-PATTERN Command Disk-File Security Commands pattern-spec-list is the same as the corresponding non-pattern object types. That is, a PATTERNSPEC-LIST is a comma-separated list of one or more PATTERN-SPEC attributes. ( pattern-spec [ , pattern-spec ] . . . ) pattern-spec are the characters that define the pattern that describe a set of objects.
FREEZE DISKFILE Command Disk-File Security Commands and auditing. All subsequent accesses to the diskfiles are subject to standard Guardian disk-file security checks. When the Safeguard software deletes a diskfile pattern authorization record, the security-string for the files not protected by Safeguard are reset to the original value. (That is, the files receive the security it had before being added to Safeguard protection.) Examples 1. To delete the diskfile pattern $ABC.*.
FREEZE DISKFILE Command Disk-File Security Commands disk-file-name can be any disk-file name. The name can contain wild-card characters. WHERE option-list specifies that only disk files in filename-list that have LICENSE, PROGID, WARNING-MODE, TRUST ME, or TRUST SHARED set are to be frozen.
FREEZE DISKFILE-PATTERN Command Disk-File Security Commands A brief report shows: LAST-MODIFIED $DATA.HARRY SALES 086,001 086,002 086,255 9JUN87, 10:18 R R,W,E,P, R,W,E,P, OWNER 86,2 STATUS FROZEN WARNING-MODE OFF O O FREEZE DISKFILE-PATTERN Command FREEZE DISKFILE-PATTERN temporarily suspends the access authorities granted to users on a diskfile pattern ACL.
INFO DISKFILE Command Disk-File Security Commands option-list has the form: [ ( ] option [ OR option ] [ ) ] option can be: WARNING-MODE ALL instructs Safeguard to use all the wildcard characters as a part of the search string, not as part of the pattern. Consideration • The FREEZE command enforces special access rules on the object when the protection record is frozen. In general, these rules specify that only the owner of the protection record, that owners group manager, and the local SUPER.
INFO DISKFILE Command Disk-File Security Commands DISKFILE specifies DISKFILE as the object type for the INFO command. Omit it if DISKFILE is the assumed object type. (For more information on assumed object types, see the ASSUME Command on page 4-3.) filename-list specifies the disk file or files for which INFO DISKFILE reports are produced. filename-list can be either: disk-file-name ( disk-file-name [ , disk-file-name ] ... ) disk-file-name can be any disk-file name.
INFO DISKFILE Command Disk-File Security Commands WHERE option-list causes an INFO report to be displayed for each disk file in filename-list that has LICENSE, PROGID, WARNING-MODE, TRUST ME, or TRUST SHARED set. option-list has the form: [ ( ] option [ OR option ] [ ) ] option can be one of: PROGID LICENSE WARNING-MODE TRUSTME (H-series only) TRUSTSHARED (H-series only) INFO DISKFILE Brief Report The brief INFO DISKFILE report gives you information about the disk file or files you specify.
INFO DISKFILE Command Disk-File Security Commands STATUS status is the current status of this disk file. status is either FROZEN or THAWED. WARNING-MODE {ON|OFF} is the current warning-mode state of this disk file. ON indicates that the protection record is in warning mode. The initial value is OFF, which indicates that warning mode is disabled for this disk file. user-spec [DENY] authority-list is an entry in the ACL for this disk file. user-spec identifies a single user or user group.
INFO DISKFILE Command Disk-File Security Commands \node-spec.group-num, member-num identifies both the local user with user ID group-num, member-num and a network user who has the same user name and user ID as that local user. \node-spec.group-num,* identifies all the local users in the group identified by group-num and all network users whose group-num and group-name match those of the local group. \node-spec.
INFO DISKFILE Command Disk-File Security Commands Figure 8-2. INFO DISKFILE Detailed Report Format LAST-MODIFIED OWNER $volume.subvol filename date, time owner-id STATUS WARNING-MODE status {ON|OFF} user-spec [DENY] authority-list user-spec [DENY] authority-list . . .
INFO DISKFILE Command Disk-File Security Commands ON The PAID of a process that is run from this program object file is set to the user ID of the owner of this disk file. OFF The PAID of a process that is run from this program object file is set to the user ID of the user that runs the process. CLEARONPURGE = {ON|OFF} indicates whether the data pages for this disk file are physically cleared when the file is purged. ON When this disk file is purged, all its data pages on disk are physically cleared.
INFO DISKFILE Command Disk-File Security Commands SHARED The program can be trusted to not access the buffers that are private to the process or are shared with another process that also has TRUST SHARED set, before I/O completion. OFF The program is not to be trusted. Considerations When you specify WHERE LICENSE or WHERE PROGID, the INFO report includes all files with LICENSE or PROGID set, not just files protected by the Safeguard software.
INFO DISKFILE-PATTERN Command Disk-File Security Commands • The following command produces a detailed INFO report for all disk files on the volume $DEV that have the LICENSE or PROGID attribute set ON: =INFO DISK $DEV.*.*, DETAIL, WHERE (LICENSE OR PROGID) INFO DISKFILE-PATTERN Command INFO DISKFILE-PATTERN displays the attribute values currently stored in a diskfilepattern authorization record. INFO DISKFILE-PATTERN produces two types of reports: brief and detailed.
INFO DISKFILE-PATTERN Command Disk-File Security Commands • • • A volume name, which will include only valid volume characters; that is, wildcard characters are not part of the pattern, and if present, imply a onedimensional search. A subvolume name, which might include wildcard characters and valid subvolume characters. A file name, which might include wildcard characters and valid file name characters.
INFO DISKFILE-PATTERN Command Disk-File Security Commands option can be: WARNING-MODE Examples 1. To display the diskfile pattern $DATA.*TEST.* (that is, display a single diskfile pattern) using display user as name: =DISPLAY USER AS NAME =INFO DISKFILE-PATTERN $DATA.*TEST.* This information appears: LAST-MODIFIED OWNER STATUS WARNING-MODE $DATA.*TEST * 28SEP04, 5:44 MLH1.MGR THAWED \KONA.PROD.CARLY \KONA.TEST.JIMMY GROUP TEST GROUP \KONA.TEST \*.*.* OFF R R,W R,W,E,P,C R R 2.
RESET DISKFILE Command Disk-File Security Commands 3. To display the diskfile pattern $DATA.*TEST.* (that is, display a single diskfile pattern) using display user as number: =DISPLAY USER AS NUMBER =INFO DISKFILE-PATTERN $DATA.*TEST.* This information appears: LAST-MODIFIED OWNER STATUS WARNING-MODE $DATA.*TEST * 28SEP04, 5:44 164,255 THAWED \205.011,100 \205.200,002 GROUP 00200 GROUP \205.00200 \*.*,* OFF R R,W R,W,E,P,C R R 4.
RESET DISKFILE Command Disk-File Security Commands disk-file-attribute-keyword sets the current default value of the disk-file-attribute indicated by diskfile-attribute-keyword to predefined values, as follows: OWNER - User ID of the current SAFECOM user ACCESS - Null (no access control list) LICENSE - OFF PROGID - OFF CLEARONPURGE - OFF PERSISTENT - OFF OBJECT-TEXT-DESCRIPTION - Null (no descriptive text or blank) AUDIT-ACCESS-PASS - NONE (no auditing) AUDIT-ACCESS-FAIL - NONE (no auditing) AUDIT-MANAGE-
RESET DISKFILE-PATTERN Command Disk-File Security Commands A brief report shows: TYPE DISKFILE OWNER 33,6 WARNING-MODE OFF OBJECT-TEXT-DESCRIPTION = AUDIT-ACCESS-PASS = LOCAL AUDIT-ACCESS-FAIL = NONE AUDIT-PRIV-LOGON = OFF LICENSE = OFF PROGID = OFF 033,001 033,002 033,005 033,006 R, E R,W R,W R,W,E,P, AUDIT-MANAGE-PASS = ALL AUDIT-MANAGE-FAIL = LOCAL CLEARONPURGE = OFF PRIV-LOGON = OFF PERSISTENT = OFF O Then, to reset the disk-file attributes to their predefined values: =RESET DISKFILE Display t
SET DISKFILE Command Disk-File Security Commands pattern-attribute-keyword sets the current default value of the pattern-attribute indicated by pattern-attribute-keyword to predefined values, as follows: OWNER ACCESS AUDIT-ACCESS-PASS AUDIT-ACCESS-FAIL AUDIT-MANAGE-PASS AUDIT-MANAGE-FAIL WARNING-MODE - User ID of the current SAFECOM user Null (no access control list) NONE (no auditing) NONE (no auditing) NONE (no auditing) NONE (no auditing) OFF (warning mode disabled) For a complete description of pat
SET DISKFILE Command Disk-File Security Commands To display the current default disk-file attribute values, use the SHOW DISKFILE command. SET DISKFILE [ , ] { LIKE disk-file-name | disk-file-attribute } [ , disk-file-attribute ] ... DISKFILE specifies DISKFILE as the object type of the SET command. Omit it if DISKFILE is the assumed object type. (For more information on assumed object types, see the ASSUME Command on page 4-3.
SET DISKFILE Command Disk-File Security Commands AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] WARNING-MODE {ON|OFF} TRUST {ME|SHARED|OFF} (H-series only) AUDIT-PRIV-LOGON { ON | OFF } PRIV-LOGON { ON | OFF} Note. The attributes, AUDIT-PRIV-LOGON and PRIV-LOGON, are supported only on systems running H06.11 and later H-series RVUs and G06.32 and later G-series RVUs. OWNER [owner-id] specifies the owner of a disk file.
SET DISKFILE Command Disk-File Security Commands (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. group-list can take either of the following forms: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can take any of these forms: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.
SET DISKFILE Command Disk-File Security Commands are removed from the default ACL entries for the users specified with user-list. DENY denies the users or user groups specified with the preceding user-list the access authorities specified in these authority-list. authority-list specifies the access authorities to be granted (or denied). authority-list can be any of: authority ( authority [ , authority ] ...
SET DISKFILE Command Disk-File Security Commands PROGID {ON|OFF} has meaning only for program object disk files. The PROGID attribute affects the way a process’s process accessor ID (PAID) is set when the process is run. Normally, a PAID is set to the user ID of the user who runs the process. But if PROGID for a program object file is set to ON when the program is run, the PAID of the resulting process is set to the user ID of the object file’s primary owner.
SET DISKFILE Command Disk-File Security Commands file with the same name, that file assumes the authorization record associated with the old file. When PERSISTENT is OFF, the authorization record for the disk file is deleted if the file is purged. PERSISTENT ON indicates that the PERSISTENT attribute is set to ON for all disk files in filename-list for subsequent ADD DISKFILE commands.
SET DISKFILE Command Disk-File Security Commands REMOTE Only successful access attempts made by remote users are audited. NONE No successful access attempts are audited. Omitting audit-spec specifies NONE. AUDIT-ACCESS-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to access a disk file. This audit-spec specifies the conditions under which an audit record is written to the audit file when an attempt to access a disk file fails.
SET DISKFILE Command Disk-File Security Commands LOCAL Only successful management attempts made by local users are audited. REMOTE Only successful management attempts made by remote users are audited. NONE No successful management attempts are audited. Omitting audit-spec specifies NONE. AUDIT-MANAGE-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to manage a disk file authorization record.
SET DISKFILE Command Disk-File Security Commands TRUST {ME|SHARED|OFF} establishes the current default setting of the TRUST attribute for a program object file. This attribute is valid only on systems running H-series RVUs. Only the super ID can set this attribute. ME specifies that the program can be trusted to not access the buffers private to the process before I/O completion.
SET DISKFILE Command Disk-File Security Commands Examples 1.
SET DISKFILE-PATTERN Command Disk-File Security Commands owner of COPY full access to the file and remove write and purge access from user 33,6. The INFO DISKFILE command verifies this: =INFO DISKFILE copy, DETAIL $DATA.
SET DISKFILE-PATTERN Command Disk-File Security Commands • • A subvolume name, which might include wildcard characters and valid subvolume characters. A file name, which might include wildcard characters and valid file name characters. pattern-attribute defines a pattern attribute value for the diskfile-pattern authorization record or records being added. The pattern attributes are: OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ...
SET DISKFILE-PATTERN Command Disk-File Security Commands [\node-spec.]*.* [\node-spec.]*,* (minus-sign) operates on the existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. group-list can take either of these forms: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can take any of these forms: GROUP [NAME][\node-spec.
SET DISKFILE-PATTERN Command Disk-File Security Commands (minus-sign) operates on the existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. Note. Specifying ACCESS access-spec through the ADD command does not override the current default ACL (established through the SET command).
SHOW DISKFILE Command Disk-File Security Commands AUDIT-ACCESS-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to access the diskfile pattern. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. AUDIT-MANAGE-PASS [audit-spec] changes the audit-spec for successful attempts to manage (change or read) a diskfile-pattern authorization record.
SHOW DISKFILE Command Disk-File Security Commands OUT listfile directs the SHOW DISKFILE report to listfile. After it executes the SHOW command, SAFECOM redirects its output to the current OUT file. For listfile, specify any file name. SAFECOM opens listfile and appends the SHOW DISKFILE report to the file. If listfile does not exist, SAFECOM creates an EDIT-format file and then writes the SHOW DISKFILE report to that file. DISKFILE specifies DISKFILE as the object type of the SHOW command.
SHOW DISKFILE Command Disk-File Security Commands AUDIT-ACCESS-PASS = a-spec AUDIT-ACCESS-FAIL = a-spec AUDIT-MANAGE-PASS = a-spec AUDIT-MANAGE-FAIL = a-spec indicate the conditions under which the Safeguard software audits attempts to access this file or to change or read its authorization record. These four fields are described under the SET DISKFILE Command on page 8-57. LICENSE = { ON|OFF } indicates whether the LICENSE attribute is set on.
SHOW DISKFILE-PATTERN Command Disk-File Security Commands Examples User 33,3 owns the disk file $DATA.MONEY.BUSNS.
THAW DISKFILE Command Disk-File Security Commands DISKFILE-PATTERN specifies DISKFILE-PATTERN as the object type for the SHOW command. Omit it if DISKFILE-PATTERN is the assumed object type. (For more information on assumed object types, see the ASSUME Command on page 4-3.) Example 1. To show the current default values for the diskfile pattern: SHOW DISKFILE-PATTERN Output appears: TYPE DISKFILE-PATTERN OWNER 20,33 AUDIT-ACCESS-PASS = NONE AUDIT-ACCESS-FAIL = NONE \*.
THAW DISKFILE-PATTERN Command Disk-File Security Commands WHERE option-list specifies that only disk files in filename-list that have LICENSE, PROGID, WARNING-MODE, TRUST ME, or TRUST SHARED set are to be thawed. option-list has the form: [ ( ] option [ OR option ] [ ) ] option can be one of: PROGID LICENSE WARNING-MODE TRUSTME (H-series only) TRUSTSHARED (H-series only) Examples The file $DATA.MONEY.BUSNS is frozen. The file owner can enter THAW DISKFILE to restore the file’s ACL: =THAW DISKFILE $data.
SAFECOM Saved Diskfile Pattern Commands Disk-File Security Commands • • • A volume name, which will include only valid volume characters; that is, wildcard characters are not part of the pattern, and if present, imply a onedimensional search. A subvolume name, which might include wildcard characters and valid subvolume characters. A file name, which might include wildcard characters and valid file name characters.
ADD SAVED-DISKFILE-PATTERN Command Disk-File Security Commands You can specify values for the disk-file attributes in the ADD SAVED-DISKFILEPATTERN command. The default values are used for any attributes not specified in the ADD SAVED-DISKFILE-PATTERN command. ADD SAVED-DISKFILE-PATTERN pattern-spec-list [ , ] [ LIKE pattern-spec | pattern-attribute ] [ , pattern-attribute ] ... pattern-spec-list is the same as the corresponding non-pattern object types.
ADD SAVED-DISKFILE-PATTERN Command Disk-File Security Commands OWNER [owner-id] specifies the new owner of the diskfile pattern. owner-id can be either of: [\*.]group-name.member-name [\*.]group-num , member-num If you omit owner-id, owner-id is set to your user ID. ACCESS access-spec [ ; access-spec ] ... changes the ACL for filename-list by adding or deleting ACL entries or by changing the authority list of a current ACL entry.
ADD SAVED-DISKFILE-PATTERN Command Disk-File Security Commands net-group-spec can take either of the following forms: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec has the form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. admin-group-name specifies the group number of an administrative group. group-name specifies the name of any group.
ADD SAVED-DISKFILE-PATTERN Command Disk-File Security Commands authority-list specifies the access authorities to be granted (or denied) to user-list. authority-list can be any one of: authority ( authority [ , authority ] ... ) * authority is any one of: R[EAD] W[RITE] E[XECUTE] P[URGE] C[REATE] O[WNER] * (asterisk) specifies all the disk-file access authorities (R, W, E, P, C, and O). AUDIT-ACCESS-PASS [audit-spec] changes the audit-spec for successful attempts to access the diskfile pattern.
ALTER SAVED-DISKFILE-PATTERN Command Disk-File Security Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage (change or read) a diskfile-pattern authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. WARNING-MODE { ON | OFF } defines whether the warning mode is enabled for the specified diskfile pattern.
ALTER SAVED-DISKFILE-PATTERN Command Disk-File Security Commands pattern-spec-list is the same as the corresponding non-pattern object types. That is, a PATTERNSPEC-LIST is a comma-separated list of one or more PATTERN-SPEC attributes. ( pattern-spec [, pattern-spec]...). ALL instructs Safeguard to use all the wildcard characters as part of the search string, and not as part of the pattern.
ALTER SAVED-DISKFILE-PATTERN Command Disk-File Security Commands AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] WARNING-MODE {ON|OFF} OWNER [owner-id] specifies the new owner of the disk file or files. owner-id can be either of: [\*.]group-name.member-name [\*.]group-num , member-num If you omit owner-id, owner-id is set to your user ID. ACCESS access-spec [ ; access-spec ] ...
ALTER SAVED-DISKFILE-PATTERN Command Disk-File Security Commands group-list can take either of these forms: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can take any of these forms: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec has the form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group.
ALTER SAVED-DISKFILE-PATTERN Command Disk-File Security Commands are removed from the default ACL entries for the users specified with user-list. Note. Specifying ACCESS access-spec through the ADD command does not override the current default ACL (established through the SET command). Instead, any ACL entries specified with the ADD command are added to the current default ACL, and the entire ACL is defined for the disk file whose authorization record is being added.
ALTER SAVED-DISKFILE-PATTERN Command Disk-File Security Commands AUDIT-ACCESS-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to access the diskfile pattern. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. AUDIT-MANAGE-PASS [audit-spec] changes the audit-spec for successful attempts to manage (change or read) a diskfile-pattern authorization record.
DELETE SAVED-DISKFILE-PATTERN Command Disk-File Security Commands • • • • • $DATA01.APLOGS.LOGAPR* $DATA1.APLOGS.LOG* $DATA123.APLOGS.LOG? $DATA.APLOGS.LOG???? $DATABLE.APLOGS.LOGON?1A DELETE SAVED-DISKFILE-PATTERN Command DELETE SAVED-DISKFILE-PATTERN deletes the pattern record for a saved-diskfilepattern. The owner of a saved-diskfile-pattern, the primary owner’s group manager, the local super ID, and any user with OWNER authority on the ACL can delete a saved-diskfilepattern authorization record.
FREEZE SAVED-DISKFILE-PATTERN Command Disk-File Security Commands can be: WARNING-MODE ALL instructs Safeguard to use all the wildcard characters as part of the search string, not as part of the pattern. Examples 1. To delete the saved-diskfile-pattern $ABC.*.*: DELETE SAVED-DISKFILE-PATTERN $ABC.*.* 2. To delete all saved-diskfile-pattern protection records that match the search pattern $ABC.*.*: DELETE SAVED-DISKFILE-PATTERN $ABC.*.
INFO SAVED-DISKFILE-PATTERN Command Disk-File Security Commands • • • A volume name, which might include wildcard characters and valid volume characters. A subvolume name, which might include wildcard characters and valid subvolume characters. A file name, which might include wildcard characters and valid file name characters. WHERE option-list specifies that only disk files in filename-list that have WARNING-MODE set are to be altered.
INFO SAVED-DISKFILE-PATTERN Command Disk-File Security Commands For listfile, specify any file name. SAFECOM opens listfile and appends the INFO report to the file. If listfile does not exist, SAFECOM creates an EDIT file by that name and writes the INFO report to that file. SAVED-DISKFILE-PATTERN specifies SAVED-DISKFILE-PATTERN as the object type for the INFO command. Omit it if SAVED-DISKFILE-PATTERN is the assumed object type.
INFO SAVED-DISKFILE-PATTERN Command Disk-File Security Commands DETAIL [ OFF ] inhibits the display of additional information for this command. The default value is DETAIL OFF. WARNINGS [ ON | OFF ] allows the display of warning messages for this command to be inhibited. WARNINGS [ ON ] causes the display of warning messages for this command. The default value is WARNINGS ON. WARNINGS [ OFF ] inhibits the display of warning messages for this command.
Disk-File Security Commands The display appears as: LAST-MODIFIED OWNER STATUS WARNING-MODE $DATA.*TEST * 28SEP04, 5:44 255,255 THAWED \KONA.PROD.CARLY \KONA.TEST.JIMMY GROUP TEST GROUP \KONA.TEST \*.*.* R R,W R,W,E,P,C R R AUDIT-ACCESS-PASS = NONE AUDIT-ACCESS-FAIL = NONE CREATION USER NAME USER TYPE USER NODE TIMESTAMP OFF AUDIT-MANAGE-PASS = NONE AUDIT-MANAGE-FAIL = NONE LAST-MODIFIED SUPER.SUPER testman USER (ID 255,255) ALIAS (ID 164,255) LOCAL LOCAL 28SEP2004, 05:28:48.
SET SAVED-DISKFILE-PATTERN Command Disk-File Security Commands pattern-attribute-keyword sets the current default value of the pattern-attribute indicated by pattern-attribute-keyword to predefined values, as follows: OWNER - User ID of the current SAFECOM user ACCESS - Null (no access control list) AUDIT-ACCESS-PASS - NONE (no auditing) AUDIT-ACCESS-FAIL - NONE (no auditing) AUDIT-MANAGE-PASS - NONE (no auditing) AUDIT-MANAGE-FAIL - NONE (no auditing) WARNING-MODE - OFF (warning mode disabled) For
SET SAVED-DISKFILE-PATTERN Command Disk-File Security Commands pattern-attribute defines a pattern attribute value for the diskfile-pattern authorization record or records being added. The pattern attributes are: OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ... AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] WARNING-MODE {ON|OFF} OWNER [owner-id] specifies the new owner of the diskfile pattern.
SET SAVED-DISKFILE-PATTERN Command Disk-File Security Commands (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. group-list can take either of these forms: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can take any of these forms: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.
SET SAVED-DISKFILE-PATTERN Command Disk-File Security Commands (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. Note. Specifying ACCESS access-spec through the ADD command does not override the current default ACL (established through the SET command).
SHOW SAVED-DISKFILE-PATTERN Command Disk-File Security Commands AUDIT-ACCESS-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to access the diskfile pattern. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of audit-spec, see the SET DISKFILE Command on page 8-57. Omitting audit-spec specifies NONE. AUDIT-MANAGE-PASS [audit-spec] changes the audit-spec for successful attempts to manage (change or read) a diskfile-pattern authorization record.
THAW SAVED-DISKFILE-PATTERN Command Disk-File Security Commands OUT listfile directs the SHOW SAVED-DISKFILE-PATTERN report to listfile. After executing the SHOW command, SAFECOM redirects its output to the current OUT file. For listfile, specify any file name. SAFECOM opens listfile and appends the SHOW report to the file. If listfile does not exist, SAFECOM creates an EDIT file by that name and writes the SHOW report to that file.
THAW SAVED-DISKFILE-PATTERN Command Disk-File Security Commands • • A subvolume name, which might include wildcard characters and valid subvolume characters. A file name, which might include wildcard characters and valid file name characters. WHERE option-list specifies that only disk files in filename-list that have WARNING-MODE set must be altered.
Disk-File Security Commands THAW SAVED-DISKFILE-PATTERN Command Safeguard Reference Manual — 520618-030 8 - 102
9 Disk Volume and Subvolume Security Commands SAFECOM volume and subvolume security commands control who can create and access disk files. The disk volume and subvolume commands also specify when the Safeguard software should audit attempts to create or read volume or subvolume authorization records. By default, only a local super-group user can add a volume authorization record to the Safeguard object database, but any user can add a subvolume authorization record.
Disk Volume and Subvolume Security Commands Subvolume Authorization Record Ownership can always be specified for all volumes protected by the Safeguard software. With an ACL in effect, the OWNER authority is always included whenever the * (asterisk) authority code is used. It can also be abbreviated as O. With the Safeguard software, the owner of a volume can also be defined as a network user.
Disk Volume and Subvolume Security Commands Volume and Subvolume Security Command Summary 1. It determines whether an authorization record exists for the volume on which the file is to be created. 2. If a volume authorization record exists, it checks the ACL to determine whether the user has the authority to create or access a file on that volume. 3. If the volume ACL does not grant the user the authority, the user’s request is rejected with a security violation (file error 48).
Disk Volume and Subvolume Security Commands Volume and Subvolume Security Command Summary Table 9-1. Disk Volume and Subvolume Security Command Summary Command Description ADD [SUB]VOLUME* Adds a volume or subvolume authorization record with the specified attribute values. The current default volume or subvolume attribute values are used for any attributes not specified in the ADD VOLUME or ADD SUBVOLUME command.
Disk Volume and Subvolume Security Commands Syntax of Disk Volume and Subvolume Security Commands Syntax of Disk Volume and Subvolume Security Commands The rest of this section contains individual syntax descriptions for the SAFECOM disk volume and subvolume security commands.
Disk Volume and Subvolume Security Commands ADD VOLUME and SUBVOLUME Commands volume-list specifies one or more disk volumes for which authorization records are to be added. volume-list can be either of: $volume ( $volume [ , $volume ] ... ) $volume can be any volume name. The name can contain wild-card characters. OBJECT-TEXT-DESCRIPTION allows you to store printable characters, which are associated with the objects, as comments. These comments can be used to manage the object authorization record.
Disk Volume and Subvolume Security Commands ADD VOLUME and SUBVOLUME Commands vol-subvol-attribute defines an attribute value for the volume or subvolume for which an authorization record is being added. The vol-subvol-attributes are: OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ...
Disk Volume and Subvolume Security Commands ADD VOLUME and SUBVOLUME Commands (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. group-list can take either of the following forms: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can take any of the following forms: GROUP [NAME][\node-spec.
Disk Volume and Subvolume Security Commands ADD VOLUME and SUBVOLUME Commands are removed from the default ACL entries for the users specified with user-list. Note. Specifying ACCESS access-spec through the ADD command does not override the current default ACL (established through the SET command). Instead, any ACL entries specified with the ADD command are added to the current default ACL, and the entire ACL is defined for the volume or subvolume whose authorization record is being added.
Disk Volume and Subvolume Security Commands ADD VOLUME and SUBVOLUME Commands The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any. Also, when LIKE clause is used with ADD VOLUME and SUBVOLUME command, the OBJECT-TEXT-DESCRIPTION field is not copied with other object authorization record attributes. The OBJECT-TEXT-DESCRIPTION attribute is supported only on systems running J06.
Disk Volume and Subvolume Security Commands ADD VOLUME and SUBVOLUME Commands WARNING-MODE { ON | OFF } defines whether warning mode is enabled for the specified volume or subvolume. The value is required. For more information on warning mode, see the Safeguard Administrator's Manual. ON enables warning mode for the specified volume or subvolume. The initial value is OFF, which disables warning mode for the specified volume or subvolume.
Disk Volume and Subvolume Security Commands ALTER VOLUME and SUBVOLUME Commands ALTER VOLUME and SUBVOLUME Commands ALTER VOLUME changes one or more attribute values in a volume authorization record. ALTER SUBVOLUME changes one or more attribute values in a subvolume authorization record. An owner of a volume, the primary owner’s group manager, and the super ID can change a volume authorization record.
Disk Volume and Subvolume Security Commands ALTER VOLUME and SUBVOLUME Commands subvol-name can be any subvolume name. The name can contain wild-card characters. LIKE [\system.]$volume LIKE [\system.][$volume.]subvol changes the attribute values of volume-list or subvol-list to be the same as those currently defined for the volume or subvolume specified in the LIKE attribute. If you omit \system, your current default system name is used.
Disk Volume and Subvolume Security Commands ALTER VOLUME and SUBVOLUME Commands user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either of: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of these forms: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.]adm-group-name.* [\node-spec.]adm-group-num , * [\node-spec.]*.* [\node-spec.
Disk Volume and Subvolume Security Commands ALTER VOLUME and SUBVOLUME Commands adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL.
Disk Volume and Subvolume Security Commands ALTER VOLUME and SUBVOLUME Commands * (asterisk) specifies all six authorities in any volume or subvolume access-specs. OBJECT-TEXT-DESCRIPTION “[any-text]” allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record. The text description field can accommodate 255 bytes of text data. Note.
Disk Volume and Subvolume Security Commands ALTER VOLUME and SUBVOLUME Commands AUDIT-MANAGE-PASS [audit-spec] changes the audit-spec for successful attempts to manage a volume or subvolume authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of each audit-spec, see the SET VOLUME and SUBVOLUME Commands on page 9-28. Omitting audit-spec specifies NONE.
Disk Volume and Subvolume Security Commands DELETE VOLUME and SUBVOLUME Commands Examples This command transfers ownership of the RECORDS subvolume to the user with user ID 86,13 and allows all users who are members of group number 86 to create files on the subvolume and add object text description: =ALTER SUBVOLUME records, OBJECT-TEXT-DESCRIPTION “Record & altered”,OWNER 86,13, ACCESS 86,* c DELETE VOLUME and SUBVOLUME Commands DELETE VOLUME deletes a disk volume authorization record.
Disk Volume and Subvolume Security Commands FREEZE VOLUME and SUBVOLUME Commands WHERE option-list specifies that only volumes or subvolumes in filename-list that have LICENSE, PROGID, or WARNING-MODE set are to be deleted.
Disk Volume and Subvolume Security Commands FREEZE VOLUME and SUBVOLUME Commands To restore a frozen volume ACL, use the THAW VOLUME command. To restore a frozen subvolume ACL, use the THAW SUBVOLUME command. FREEZE VOLUME volume-list [ [ , ] WHERE option-list ] FREEZE SUBVOLUME subvol-list [ [ , ] WHERE option-list ] volume-list specifies one or more disk volumes that are to be frozen. volume-list can be either: $volume ( $volume [ , $volume ] ... ) $volume can be any volume name.
INFO VOLUME and SUBVOLUME Commands Disk Volume and Subvolume Security Commands Examples User PRS.HARRY is about to leave on vacation. To protect his files from tampering or loss, he suspends access to important subvolumes: =FREEZE SUBVOLUME ($data.harry, $data.hgmail,& =$data.hgsales) Now no one (except Harry and his group manager) can create files on these three subvolumes until Harry or his manager enters a THAW SUBVOLUME command.
Disk Volume and Subvolume Security Commands INFO VOLUME and SUBVOLUME Commands subvol-list specifies one or more subvolumes for which INFO reports are to be produced. subvol-list can be either: subvol-name ( subvol-name [ , subvol-name ... ] ) subvol-name can be any subvolume name. The name can contain wild-card characters. DETAIL adds the current audit-specs for the volumes or subvolumes being reported.
Disk Volume and Subvolume Security Commands INFO VOLUME and SUBVOLUME Commands LAST MODIFIED date, time indicates the date and time of the last change made to this volume or subvolume authorization record. date and time are in local civil time. OWNER owner-id is the user ID of the user who owns this volume or subvolume authorization record. STATUS status indicates the current status of this volume or subvolume. status is FROZEN or THAWED.
Disk Volume and Subvolume Security Commands INFO VOLUME and SUBVOLUME Commands group-num , member-num identifies a single local user. group-num,* identifies all the local users in the group that has group-num. *,* identifies all the local users at the node where this volume or subvolume resides. \node-spec.group-num , member-num identifies the local user who has the user ID group-num, member-num and a network user who has both the same user name and user ID as that local user. \node-spec.
INFO VOLUME and SUBVOLUME Commands Disk Volume and Subvolume Security Commands INFO VOLUME and SUBVOLUME Detailed Report The detailed INFO VOLUME and SUBVOLUME report includes the auditing specifications for the protected volume or subvolume. Figure 9-2 shows the format of the detailed INFO VOLUME and SUBVOLUME report. Figure 9-2. INFO VOLUME and SUBVOLUME Detailed Report Format LAST-MODIFIED OWNER STATUS WARNING-MODE $volume[.
RESET VOLUME and SUBVOLUME Commands Disk Volume and Subvolume Security Commands The display shows: LAST-MODIFIED OWNER STATUS WARNING-MODE $SILK.RAGS 15AUG86, 12:22 \*.086,002 086,010 086,255 \*.86,2 THAWED OFF C C C,O RESET VOLUME and SUBVOLUME Commands RESET VOLUME resets the current default values of the volume attribute values to their predefined values. RESET SUBVOLUME resets the current default subvolume attributes to their predefined values.
Disk Volume and Subvolume Security Commands RESET VOLUME and SUBVOLUME Commands Consideration • • Specifying an attribute name without a value in an ADD or ALTER command causes the attribute to be assigned the predefined default value (as defined for the RESET command).
Disk Volume and Subvolume Security Commands SET VOLUME and SUBVOLUME Commands SET VOLUME and SUBVOLUME Commands SET VOLUME establishes default values for one or more volume attributes. SET SUBVOLUME establishes default values for one or more subvolume attributes. When you add an authorization record for a volume or subvolume, the current default values for the volume or subvolume attributes are used for any attributes you do not specify in your ADD command.
Disk Volume and Subvolume Security Commands SET VOLUME and SUBVOLUME Commands If you omit owner-id, owner-id is set to your user ID (that is, the user ID of the current user). ACCESS access-spec [ ; access-spec ] ... changes the ACL for filename-list by adding or deleting ACL entries or by changing the authority list of a current ACL entry. An ACL contains as many as 50 entries that grant or deny access authorities to users and user groups.
Disk Volume and Subvolume Security Commands SET VOLUME and SUBVOLUME Commands node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. admin-group- name specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries.
Disk Volume and Subvolume Security Commands SET VOLUME and SUBVOLUME Commands authority is the authority to create and access a disk file on a volume or subvolume. authority can be any of: R[EAD] W[RITE] E[XECUTE] P[URGE] C[REATE] O[WNER] * (asterisk) all authorities in any volume or subvolume access-spec. OBJECT-TEXT-DESCRIPTION "[any-text]" allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record.
Disk Volume and Subvolume Security Commands SET VOLUME and SUBVOLUME Commands REMOTE Only successful attempts to create or access a disk file by remote users are audited. NONE No successful attempts to create or access a disk file are audited. Omitting audit-spec specifies NONE. AUDIT-ACCESS-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to create or access a disk file on a volume or subvolume.
Disk Volume and Subvolume Security Commands SET VOLUME and SUBVOLUME Commands ALL All successful management attempts are audited. LOCAL Only successful management attempts by local users are audited. REMOTE Only successful management attempts by remote users are audited. NONE No successful management attempts are audited. Omitting audit-spec specifies NONE. AUDIT-MANAGE-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to manage a volume or subvolume authorization record.
Disk Volume and Subvolume Security Commands SHOW VOLUME and SUBVOLUME Commands ON enables warning mode for the specified volume or subvolume. The initial value is OFF, which disables warning mode for the specified volume or subvolume. Examples These commands allow all members of group 86 (except user 86,8) to create files on a subvolume for which an authorization record is added with the specified default values.
SHOW VOLUME and SUBVOLUME Commands Disk Volume and Subvolume Security Commands SHOW VOLUME and SUBVOLUME Report Format Figure 9-3 on page 9-35 illustrates the format for the SHOW VOLUME and SHOW SUBVOLUME command display. Figure 9-3.
Disk Volume and Subvolume Security Commands THAW VOLUME and SUBVOLUME Commands [ NO ACCESS CONTROL LIST DEFINED! ] indicates no default ACL entries are defined. Use SET...ACCESS to define default ACL entries. You can also use ADD...ACCESS to define ACL entries when you create an authorization record. Caution. If you do not specify an ACL for a volume or subvolume, only the local super ID can access the volume or subvolume.
Disk Volume and Subvolume Security Commands THAW VOLUME and SUBVOLUME Commands THAW VOLUME and THAW SUBVOLUME have no effect on volumes and subvolumes that are not frozen. THAW VOLUME volume-list [ [ , ] WHERE option-list ] THAW SUBVOLUME subvol-list [ [ , ] WHERE option-list ] volume-list specifies one or more disk volumes to be thawed. volume-list can be either: $volume ( $volume [ , $volume ] ... ) $volume can be any volume name. The name can contain wild-card characters.
THAW VOLUME and SUBVOLUME Commands Disk Volume and Subvolume Security Commands This display shows: LAST-MODIFIED OWNER STATUS WARNING-MODE FROZEN OFF $DATA.DEBITS 9NOV86, 11:38 033,013 33,13 C These commands are entered: =THAW SUBVOLUME $data.debits =INFO SUBVOLUME $data.debits This display shows: LAST-MODIFIED OWNER STATUS WARNING-MODE THAWED OFF $DATA.
10 Device and Subdevice Security Commands With SAFECOM device and subdevice security commands, any user whose ID appears in the access control list (ACL) as owner of a protected device or subdevice can control access to that device or subdevice. By default, only a local super-group user can add a device or subdevice authorization record to the Safeguard object data base.
Device and Subdevice Security Commands Device and Subdevice Access Authorities to do. They are equal, in every way, to the primary owner. For example, they can modify the Safeguard authorization records for any device or subdevice they own, and they can access any device or subdevice for which they own the authorization record when that device or subdevice has been FROZEN.
Device and Subdevice Security Commands Device and Subdevice Security Command Summary \*.4,*, or \*.*,*. Otherwise, the open request is rejected with a security violation error (file error 48). An open request that has passed the Safeguard authorization check can nevertheless fail. For example, if a process attempts to open a device or subdevice already opened by another process that has exclusive access, the second open attempt fails with file error 12 (file in use).
Device and Subdevice Security Commands Syntax of Device and Subdevice Security Commands Table 10-1. Device and Subdevice Security Command Summary (page 2 of 2) Command Description SET [SUB]DEVICE Sets one or more default device or subdevice attribute values to specified values. When a device or subdevice authorization record is added, the current default device or subdevice attribute values are used for any attributes not specified in the ADD DEVICE or ADD SUBDEVICE command.
Device and Subdevice Security Commands ADD DEVICE and SUBDEVICE Commands the device attributes in your ADD DEVICE or ADD SUBDEVICE command. The current default values are used for any attributes not specified in your command. ADD DEVICE device-list [ , ] [ LIKE device-name | device-attribute ] [ , device-attribute ] ... ADD SUBDEVICE subdevice-list [ , ] [ LIKE subdevice-name | device-attribute ] [ , device-attribute ] ...
Device and Subdevice Security Commands ADD DEVICE and SUBDEVICE Commands LIKE subdevice-name adopts the existing device attribute values of subdevice-name as the attribute values to be used for the authorization record or records being added. subdevice-name identifies the subdevice whose current device-attribute values are to be assigned to the subdevice authorization record or records being added. subdevice-name can be any subdevice name.
Device and Subdevice Security Commands ADD DEVICE and SUBDEVICE Commands user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.]adm-group-name.* [\node-spec.]adm-group-num , * [\node-spec.]*.* [\node-spec.
Device and Subdevice Security Commands ADD DEVICE and SUBDEVICE Commands adm-group-num specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. Note.
Device and Subdevice Security Commands ADD DEVICE and SUBDEVICE Commands OBJECT-TEXT-DESCRIPTION “[any-text]” allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record. The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any.
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage this device or subdevice authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of the audit-specs, see the SET DEVICE and SUBDEVICE Commands on page 10-26. Omitting audit-spec specifies NONE. WARNING-MODE { ON | OFF } defines whether warning mode is enabled for the specified device or subdevice.
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands spec adds the new access-spec to the existing ACL. To remove authorities previously granted to users, use the minus-sign (-) form of access-spec. ALTER DEVICE device-list [ , ] { LIKE device-name | device-attribute } [ , device-attribute ] ... ALTER SUBDEVICE subdevice-list [ , ] { LIKE subdevice-name | device-attribute } [ , device-attribute ] ...
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands subdevice-name can be any subdevice name. The name can contain wild-card characters. LIKE subdevice-name adopts the existing device attribute values of subdevice-name as the attribute values to be used for the authorization record or records being altered. subdevice-name identifies the subdevice whose current subdevice-attribute values are to be assigned to the subdevice authorization record or records being changed.
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.]adm-group-name.* [\node-spec.]adm-group-num , * [\node-spec.]*.* [\node-spec.
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands adm-group-num specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list.
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any. Also, when LIKE clause is used with ALTER DEVICE and SUBDEVICE command, the OBJECT-TEXT-DESCRIPTION field is not copied with other object authorization record attributes.
Device and Subdevice Security Commands ALTER DEVICE and SUBDEVICE Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage this authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of the audit-specs, see the SET DEVICE and SUBDEVICE Commands on page 10-26. Omitting audit-spec specifies NONE. WHERE WARNING-MODE specifies that only devices or subdevices in filename-list that have WARNING-MODE set are to be deleted.
DELETE DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands This report shows: LAST-MODIFIED OWNER STATUS WARNING-MODE THAWED OFF $LPRINT 18SEP87, 13:48 086,001 086,002 086,003 086,008 \*.086,255 255,* \*.86,255 R,W R,W R,W R,W R,W R,W To alter the ACL for the tape device: =ALTER DEVICE $tape, ACCESS prs.harry - * ; \*.33,13 * To see the new device status: =INFO DEVICE $tape The report shows: LAST-MODIFIED OWNER STATUS WARNING-MODE $LPRINT 22SEP86, 086,001 086,003 086,008 \*.
Device and Subdevice Security Commands FREEZE DEVICE and SUBDEVICE Commands device-list specifies one or more devices for which authorization records are to be deleted. device-list can be either: device-name ( device-name [ , device-name ] ... ) device-name can be any device name. The name can contain wild-card characters. subdevice-list specifies one or more subdevices for which authorization records are to be deleted. subdevice-list can be either: subdevice-name ( subdevice-name [ , subdevice-name ...
Device and Subdevice Security Commands FREEZE DEVICE and SUBDEVICE Commands Use THAW DEVICE or SUBDEVICE to restore all the access authorities granted to users on the ACL before access was frozen. FREEZE DEVICE device-list [ [ , ] WHERE WARNING-MODE] FREEZE SUBDEVICE subdevice-list [ [ , ] WHERE WARNING-MODE] device-list specifies one or more devices for which access is to be frozen. device-list can be either: device-name ( device-name [ , device-name ] ... ) device-name can be any device name.
INFO DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands Example The owner of the authorization record for the device $TTYP enters this command to suspend access to the device: =FREEZE DEVICE $ttyp INFO DEVICE and SUBDEVICE Commands INFO DEVICE and SUBDEVICE displays the attribute values currently stored in an authorization record. INFO DEVICE and SUBDEVICE produces two types of reports: brief and detailed. The formats for the two report types are illustrated following the syntax.
INFO DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands subdevice-list specifies one or more subdevices for which INFO reports are to be produced. subdevice-list can be either: subdevice-name ( subdevice-name [ , subdevice-name ... ] ) subdevice-name can be any subdevice name. The name can contain wild-card characters. DETAIL adds the audit-specs defined for the device or subdevice to the INFO report.
Device and Subdevice Security Commands INFO DEVICE and SUBDEVICE Commands status is the current status of this device or subdevice. status is either FROZEN or THAWED. WARNING-MODE {ON|OFF} is the current warning-mode state of this device or subdevice. ON indicates that the protection record is in warning mode. The initial value is OFF, which indicates that warning mode is disabled for this device or subdevice. user-spec [DENY] authority-list is an entry in the ACL defined for this device or subdevice.
INFO DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands [ NO ACCESS CONTROL LIST DEFINED! ] appears for a device or subdevice that has no ACL. Use ALTER DEVICE...ACCESS or ALTER SUBDEVICE...ACCESS to define ACL entries for an existing authorization record. Only the local super ID can access a device or subdevice for which no ACL is defined.
RESET DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands Example A sample brief INFO DEVICE report for a line printer follows: =INFO DEVICE $lprint LAST-MODIFIED OWNER STATUS WARNING-MODE $LPRINT 18AUG86, 17:28 \*.86,255 THAWED OFF 086,002 DENY R,W 033,* R,W 086,* R,W 255,* R,W This report gives these information: • • • The owner of this device authorization record is a network user who is the manager for group 86 (with user ID 86,255).
RESET DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands AUDIT-ACCESS-FAIL AUDIT-MANAGE-PASS AUDIT-MANAGE-FAIL WARNING-MODE NONE (no auditing) NONE (no auditing) NONE (no auditing) OFF (warning mode disabled) For a complete description of the device-attributes, see the SET DEVICE and SUBDEVICE Commands on page 10-26.
Device and Subdevice Security Commands SET DEVICE and SUBDEVICE Commands SET DEVICE and SUBDEVICE Commands SET DEVICE or SUBDEVICE establishes default values for one or more device attributes. When you add an authorization record, the default attribute values are used for any attributes you do not specify in your ADD DEVICE or SUBDEVICE command. To display the current default values for the attribute, use the SHOW DEVICE or SUBDEVICE command.
Device and Subdevice Security Commands SET DEVICE and SUBDEVICE Commands OWNER [owner-id] specifies the owner of an authorization record for a device or subdevice. owner-id can be either of the following: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num If you omit owner-id, owner-id is set to your user ID (the user ID of the current user). ACCESS access-spec [ ; access-spec ] ...
Device and Subdevice Security Commands SET DEVICE and SUBDEVICE Commands net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group.
Device and Subdevice Security Commands SET DEVICE and SUBDEVICE Commands authority-list specifies the access authorities to be granted (or denied) to user-list. authority-list can be any of: authority ( authority [ , authority ] ... ) * authority can be any of: R[EAD] W[RITE] O[WNER] * (asterisk) specifies read, write, and owner. OBJECT-TEXT-DESCRIPTION "[any-text]" allows you to store printable characters as comments.
Device and Subdevice Security Commands SET DEVICE and SUBDEVICE Commands LOCAL Only successful attempts by local users to access the device or subdevice are audited. REMOTE Only successful attempts by remote users to access the device or subdevice audited. NONE No successful attempts to access the device or subdevice are audited. Omitting audit-spec specifies NONE. AUDIT-ACCESS-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to access a device or subdevice.
Device and Subdevice Security Commands SET DEVICE and SUBDEVICE Commands The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All successful management attempts are audited. LOCAL Only successful management attempts by local users are audited. REMOTE Only successful management attempts by remote users are audited. NONE No successful management attempts are audited. Omitting audit-spec specifies NONE.
Device and Subdevice Security Commands SHOW DEVICE and SUBDEVICE Commands WARNING-MODE { ON | OFF } defines whether warning mode is enabled for the specified device or subdevice. The value is required. For more information on warning mode, see the Safeguard Administrator's Manual. ON enables warning mode for the specified device or subdevice. The initial value is OFF, which disables warning mode for the specified device or subdevice.
SHOW DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands SHOW DEVICE and SUBDEVICE Report Format The SHOW DEVICE command displays the device attributes and their current default values in the format shown in Figure 10-3. The SHOW SUBDEVICE command output is identical, except for the word SUBDEVICE in place of the word DEVICE. Figure 10-3.
THAW DEVICE and SUBDEVICE Commands Device and Subdevice Security Commands DEVICE...ACCESS or ADD SUBDEVICE...ACCESS to define ACL entries when you create an authorization record. Caution. If you do not specify an ACL, only the local super ID can access the device or subdevice.
Device and Subdevice Security Commands THAW DEVICE and SUBDEVICE Commands device-list specifies one or more devices that are to be thawed. device-list can be either: device-name ( device-name [ , device-name ] ... ) device-name can be any device name. The name can contain wild-card characters. subdevice-list specifies one or more subdevices that are to be thawed. subdevice-list can be either: subdevice-name ( subdevice-name [ , subdevice-name ... ] ) subdevice-name can be any subdevice name.
Device and Subdevice Security Commands THAW DEVICE and SUBDEVICE Commands Safeguard Reference Manual — 520618-030 10 - 36
11 Process and Subprocess Security Commands With the SAFECOM process and subprocess security commands, any user can assume ownership of a process name by adding an authorization record for that name to the Safeguard object database. After an authorization record is added for a name, all attempts to access a process or subprocess that has the protected name are subject to Safeguard authorization checks and, optionally, to Safeguard access auditing.
Process and Subprocess Security Commands Process and Subprocess Access Authorities Process and Subprocess Access Authorities The ACL for a process name can grant any combination of these access authorities to users and user groups: READ Open a process or subprocess with a protected name for input operations. WRITE Open a process or subprocess with a protected name for output operations. CREATE Create a process with a protected name.
Process and Subprocess Security Commands Stopping a Process With a Protected Name The Safeguard software distinguishes between local and remote open requests. A remote open request is one made by a process that was created by a network user logged on to a remote system. If a process is remote with respect to the process or subprocess that it is attempting to open, the opener’s PAID must identify a network user who has been granted remote access to the process or subprocess.
Process and Subprocess Security Commands Special NAMED and UNNAMED Process Protection Records another user by changing the OWNER attribute with the ALTER PROCESS or ALTER SUBPROCESS command. Because the primary owner can add owners to an ACL, that individual can specify additional ownership by the OWNER authority code for ACL entries. Such OWNER authority is an independent extension of the primary owner. Additional owners can do anything that the primary owner is permitted to do.
Process and Subprocess Security Commands Process and Subprocess Security Command Summary If you create the NAMED protection record, it is advisable to create other process protection records. For NAMED and UNNAMED records, the only valid access authorities are CREATE, PURGE, and OWNER authorities. READ and WRITE authorities are not valid. If you use these special process protection records, be sure to alter your Safeguard configuration to specify FIRST-RULE for COMBINATION-PROCESS.
Process and Subprocess Security Commands Syntax of the Process and Subprocess Security Commands Table 11-1. Process and Subprocess Security Command Summary (page 2 of 2) Command Description SET [SUB]PROCESS Sets one or more default values for the process attributes to specified values. When a process name authorization record is added, the current default values for the process or subprocess attribute values are used for any attributes not specified in the ADD PROCESS or ADD SUBPROCESS command.
Process and Subprocess Security Commands ADD PROCESS and SUBPROCESS Commands SUBPROCESS to specify the process name to which the default values are to be applied. You can also specify values for attributes in your ADD PROCESS or SUBPROCESS command. The current default values are used for any attributes not specified in the ADD PROCESS or SUBPROCESS command. ADD PROCESS process name-list [ , ] [ LIKE process-name | process-attribute ] [ , process-attribute ] ...
Process and Subprocess Security Commands ADD PROCESS and SUBPROCESS Commands subprocess name-list specifies one or more subprocesses for which authorization records are to be added. subprocess name-list can be either: subprocess-name ( subprocess-name [ , subprocess-name ... ] ) subprocess-name can be any subprocess name. The name cannot contain wild-card characters.
Process and Subprocess Security Commands ADD PROCESS and SUBPROCESS Commands access-spec has the form: user-list [-] [DENY] authority-list group-list [-] [DENY] authority-list user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.
Process and Subprocess Security Commands ADD PROCESS and SUBPROCESS Commands node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL.
Process and Subprocess Security Commands ADD PROCESS and SUBPROCESS Commands authority is any one of: R[EAD] W[RITE] C[REATE] P[URGE] O[WNER] R and W are not valid for NAMED and UNNAMED processes. C and P are not valid for subprocesses. * (asterisk) specifies all the process authorities (R, W, C, P, and O). OBJECT-TEXT-DESCRIPTION “[any-text]” allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record.
Process and Subprocess Security Commands ADD PROCESS and SUBPROCESS Commands For a description of each audit-spec, see the SET PROCESS and SUBPROCESS Commands on page 11-28. Omitting audit-spec specifies NONE. AUDIT-MANAGE-PASS [audit-spec] changes the audit-spec for successful attempts to manage (change or read) this authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of each audit-spec, see the SET PROCESS and SUBPROCESS Commands on page 11-28.
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands access authorities (READ, WRITE, CREATE, PURGE, and OWNER) to all members of the super group. ALTER PROCESS and SUBPROCESS Commands ALTER PROCESS or SUBPROCESS changes one or more attribute values in an authorization record. An owner of the authorization record, the primary owner’s group manager, and the super ID can change the attribute values defined for a process or subprocess name.
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands attribute, LIKE adds ACL entries or authorities only to existing entries. It does not replace or delete ACL entries or authorities. process-name identifies the process name whose current process-attribute values are to be assigned to the process authorization record or records being altered.
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ... OBJECT-TEXT-DESCRIPTION “[any-text]” RESET-OBJECT-TEXT-DESCRIPTION AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] WHERE WARNING-MODE WARNING-MODE {ON|OFF} OWNER [owner-id] specifies the new owner of the authorization record for the process or subprocess name.
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands are removed from the default ACL entries for the users specified with user-list. group-list can be either: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number.
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands DENY denies the users or user groups specified with user-list the access authorities specified with authority-list. authority-list specifies the access authorities to be granted (or denied) to the user or users specified with user-list. authority-list can be any of: authority ( authority [ , authority ] ...
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands RESET-OBJECT-TEXT-DESCRIPTION Resets the object description to Null. Note. The RESET-OBJECT-TEXT-DESCRIPTION attribute is supported only on systems running J06.05 and later J-series RVUs and H06.16 and later H-series RVUs and G06.32 and later G-series RVUs. AUDIT-ACCESS-PASS [audit-spec] changes the audit-spec for successful attempts to access the process or subprocess name.
Process and Subprocess Security Commands ALTER PROCESS and SUBPROCESS Commands WHERE WARNING-MODE specifies that only processes or subprocesses in filename-list that have WARNING-MODE set are to be altered. WARNING-MODE { ON | OFF } defines whether warning mode is enabled for the specified process or subprocess. The value is required. For more information on warning mode, see the Safeguard Administrator's Manual. ON enables warning mode for the specified process or subprocess.
DELETE PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands The report shows: LAST-MODIFIED OWNER STATUS WARNING-MODE 20AUG86, 13:44 33,13 THAWED OFF $JAM 033,013 \*.086,255 033,* 255,* R,W, R,W, R,W, R,W, P,C C C C This change allows the group manager for group 86 (who is possibly a network user) to read, write, or create processes with the protected process name. DELETE PROCESS and SUBPROCESS Commands DELETE PROCESS or SUBPROCESS deletes an authorization record.
Process and Subprocess Security Commands FREEZE PROCESS and SUBPROCESS Commands subprocess-name can be any subprocess name. The name can contain wild-card characters. WHERE option-list specifies that only processes or subprocesses in filename-list that have WARNING-MODE set are to be deleted.
Process and Subprocess Security Commands INFO PROCESS and SUBPROCESS Commands subprocess name-list specifies one or more subprocesses to which access is to be frozen. subprocess name-list can be either: subprocess-name ( subprocess-name [ , subprocess-name ... ] ) subprocess-name can be any subprocess name. The name can contain wild-card characters.
Process and Subprocess Security Commands INFO PROCESS and SUBPROCESS Commands Any user can produce an INFO report for any process or subprocess name. INFO [ / OUT listfile / ] PROCESS process name-list [ [ , ] DETAIL ] INFO [ / OUT listfile / ] SUBPROCESS subprocess name-list [ [ , ] DETAIL ] OUT listfile directs the INFO PROCESS or SUBPROCESS report to listfile. After executing the INFO command, SAFECOM redirects its output to the current OUT file. For listfile, specify any file name.
INFO PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands INFO PROCESS and SUBPROCESS Brief Report The brief INFO PROCESS or SUBPROCESS report gives you information about the process name or names you specify. Figure 11-1 shows the format of the brief INFO PROCESS report. The format of the INFO SUBPROCESS report is similar, except that the name of the subprocess replaces the name of the process. Figure 11-1.
Process and Subprocess Security Commands INFO PROCESS and SUBPROCESS Commands user-spec has the forms: group-num , member-num group-num,* *,* \node-spec.group-num , member-num \node-spec.group-num,* \node-spec.*,* group-num, member-num identifies a single local user. group-num,* identifies all local users in the group that has group-num. *.* identifies all local users on this process name’s node. \node-spec.
INFO PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands Figure 11-2. INFO PROCESS Detailed Report Format LAST-MODIFIED OWNER STATUS WARNING-MODE $process date, time owner-id status {ON|OFF} user-spec [DENY] auth-list user-spec [DENY] auth-list . . .
Process and Subprocess Security Commands • • • • • • RESET PROCESS and SUBPROCESS Commands The authorization record for this process name is owned by the group manager for group 86, and this manager is established as a network user. This record was last modified on September 22, 1986 at 12:12 p.m. User ID 33,13 can read and write to processes that have this process name, but user 33,17 is specifically denied authority to create processes that have this name.
SET PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands Considerations • • Specifying an attribute name without a value in an ADD or ALTER command causes the attribute to be assigned the predefined default value (as defined for the RESET command). If you enter the RESET PROCESS or SUBPROCESS command (or RESET when the assumed object type is PROCESS or SUBPROCESS) and you do not include any process-attribute-keyword, all the attributes are returned to their predefined values.
Process and Subprocess Security Commands SET PROCESS and SUBPROCESS Commands for any attribute you do not specify with the ADD PROCESS or SUBPROCESS command. To display the current default attribute values, use the SHOW PROCESS or SUBPROCESS command. SET PROCESS process name-list [ , ] { LIKE process-name | process-attribute } [ , process-attribute ] ... SET SUBPROCESS subprocess name-list [ , ] { LIKE subprocess-name | process-attribute } [ , process-attribute ] ...
Process and Subprocess Security Commands SET PROCESS and SUBPROCESS Commands AUDIT-MANAGE-FAIL [audit-spec] WARNING-MODE {ON|OFF} OWNER [owner-id] specifies the owner of a process or subprocess name. owner-id can be either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num If you omit owner-id, owner-id is set to the user ID of the current user. ACCESS access-spec [ ; access-spec ] ...
Process and Subprocess Security Commands SET PROCESS and SUBPROCESS Commands net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group.
Process and Subprocess Security Commands SET PROCESS and SUBPROCESS Commands authority-list specifies the access authorities to be granted (or denied) to the user or users specified with user-list. authority-list can be: authority ( authority [ , authority ] ... ) * authority can be any of: R[EAD] W[RITE] C[REATE] P[URGE] O[WNER] R and W are not valid for NAMED and UNNAMED processes. C and P are not valid for subprocesses. * specifies all the access authorities (R, W, C, P, and O).
Process and Subprocess Security Commands SET PROCESS and SUBPROCESS Commands The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All successful access attempts are audited. LOCAL Only successful access attempts made by local users are audited. REMOTE Only successful access attempts made by remote users are audited. NONE No successful access attempts are audited. Omitting audit-spec specifies NONE.
Process and Subprocess Security Commands SET PROCESS and SUBPROCESS Commands AUDIT-MANAGE-PASS [audit-spec] establishes an audit-spec for successful attempts to change or read an authorization record. This audit-spec specifies the conditions under which an audit record is written to the audit file when an authorization record is successfully managed. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All successful management attempts are audited.
SET PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands NONE No unsuccessful management attempts are audited. Omitting audit-spec specifies NONE. WARNING-MODE { ON | OFF } defines whether warning mode is enabled for the specified process or subprocess. The value is required. For more information on warning mode, see the Safeguard Administrator's Manual. ON enables warning mode for the specified process or subprocess.
Process and Subprocess Security Commands • • SHOW PROCESS and SUBPROCESS Commands The group manager for group 33 has READ, WRITE, and CREATE access authorities. Two auditing specifications establish that audit records are written each time any successful attempt or any local unsuccessful attempt is made to create a process that has this process name or to open or stop a process running under this process name.
SHOW PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands Figure 11-3. SHOW PROCESS Report Format TYPE PROCESS OWNER gn,un WARNING-MODE {ON|OFF} OBJECT-TEXT-DESCRIPTION = AUDIT-ACCESS-PASS = a-spec AUDIT-MANAGE-PASS = a-spec AUDIT-ACCESS-FAIL = a-spec AUDIT-MANAGE-FAIL = a-spec user-spec [DENY] authority-list user-spec [DENY] authority-list . . . . . .
THAW PROCESS and SUBPROCESS Commands Process and Subprocess Security Commands SUBPROCESS...ACCESS to define ACL entries when you create an authorization record. Caution. If you do not specify an ACL for a process, only the local super ID can access the process or subprocess name. Example The SHOW PROCESS report displays the current default process attribute values during a SAFECOM session.
Process and Subprocess Security Commands THAW PROCESS and SUBPROCESS Commands process-name can be any process name or one of the special names NAMED and UNNAMED. The name can contain wild-card characters. subprocess name-list specifies one or more subprocess names to be thawed. subprocess namelist can be either: subprocess-name ( subprocess-name [ , subprocess-name ... ] ) subprocess-name can be any subprocess name. The name can contain wild-card characters.
Process and Subprocess Security Commands THAW PROCESS and SUBPROCESS Commands Safeguard Reference Manual — 520618-030 11 - 40
12 OBJECTTYPE Security Commands Safeguard OBJECTTYPE security allows a security administrator to define the user or groups of users who can add new subjects or objects to the Safeguard database. Each kind of subject and object (such as DISKFILE, DEVICE, or USER) can be given a corresponding OBJECTTYPE protection record. For example, the protection record to control adding new DISKFILEs is an entry for OBJECTTYPE DISKFILE.
OBJECTTYPE Access Authorities OBJECTTYPE Security Commands Table 12-1. Defaults for Undefined OBJECTTYPE ACLs Type of Object Who Can Place an Object Under Safeguard Control ALIAS Group manager of underlying user ID. Also must be the owner of underlying user ID or owner’s group manager.
OBJECTTYPE Security Commands Note. Starting with H06.24/J06.13 RVUs, the OBJECTTYPE USER is granted additional access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions. Members having the WRITE (W) permission on OBJECTTYPE USER can modify any subject records. Members having the PURGE (P) permission on OBJECTTYPE USER can purge any subject records. Note. Starting with H06.26/J06.
OBJECTTYPE Security Commands Syntax of OBJECTTYPE Security Commands Table 12-2. OBJECTTYPE Security Command Summary (page 2 of 2) Command Description SET OBJECTTYPE Sets OBJECTTYPE attribute values to specified default values. SHOW OBJECTTYPE Displays the current default values of the OBJECTTYPE attributes. THAW OBJECTTYPE Reenables a frozen OBJECTTYPE. Then user IDs with appropriate entries on the OBJECTTYPE ACL can create authorization records once again.
OBJECTTYPE Security Commands ADD OBJECTTYPE Command objecttype-list specifies one or more object types for which authorization records are to be added. objecttype-list can be either: objecttype-spec ( objecttype-spec [ , objecttype-spec ] ... ) objecttype-spec can be any object class or type, including OBJECTTYPE: DEVICE DISKFILE DISKFILE-PATTERN SAVED-DISCFILE-PATTERN OBJECTTYPE PROCESS SUBDEVICE SUBPROCESS SUBVOLUME USER VOLUME Note.
OBJECTTYPE Security Commands ADD OBJECTTYPE Command OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ... OBJECT-TEXT-DESCRIPTION “[any-text]” AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] OWNER [owner-id] specifies the new owner of the class of objects. The owner-id can be either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num If you omit owner-id, owner-id is set to your user ID.
OBJECTTYPE Security Commands ADD OBJECTTYPE Command group-list can be either: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group.
OBJECTTYPE Security Commands ADD OBJECTTYPE Command authority-list specifies the access authorities to be granted (or denied) to user-list. authority-list can be any one of: authority ( authority [ , authority ] ... ) * authority is one of the following: C[REATE] O[WNER] * (asterisk) specifies CREATE and OWNER. Note. Starting with H06.24/J06.13 RVUs, the OBJECTTYPE USER is granted additional access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions.
OBJECTTYPE Security Commands ADD OBJECTTYPE Command The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any. Also, when LIKE clause is used with ADD OBJECTTYPE command, the OBJECTTEXT-DESCRIPTION field is not copied with other object authorization record attributes. The OBJECT-TEXT-DESCRIPTION attribute is supported only on systems running J06.05 and later J-series RVUs and H06.
OBJECTTYPE Security Commands ALTER OBJECTTYPE Command Considerations • Additional owners can modify the authorization record. In addition to the primary owner, the primary owner’s group manager, and the local super ID, any user ID that has an ACL entry granting OWNER authority can also modify the OBJECTTYPE authorization record. • Attributes in an ADD command affect only the record added.
OBJECTTYPE Security Commands ALTER OBJECTTYPE Command objecttype-list specifies one or more object types whose existing objecttype-attribute values are to be changed. All object types specified must already have Safeguard authorization records (created with the ADD OBJECTTYPE command). objecttype-list can be either: objecttype-spec ( objecttype-spec [ , objecttype-spec ] ...
OBJECTTYPE Security Commands ALTER OBJECTTYPE Command OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ... OBJECT-TEXT-DESCRIPTION “[any-text]” RESET-OBJECT-TEXT-DESCRIPTION AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] OWNER [owner-id] specifies the new owner of the class of objects. The owner-id can be either: [\node-spec.]group-name.member-name [\node-spec.
OBJECTTYPE Security Commands ALTER OBJECTTYPE Command group-list can be either: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.] node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group.
OBJECTTYPE Security Commands ALTER OBJECTTYPE Command authority-list specifies the access authorities to be granted (or denied) to user-list. authority-list can be any one of: authority ( authority [ , authority ] ... ) * authority is one of the following: C[REATE] O[WNER] * (asterisk) specifies CREATE and OWNER. Note. Starting with H06.24/J06.13 RVUs, the OBJECTTYPE USER is granted additional access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions.
OBJECTTYPE Security Commands ALTER OBJECTTYPE Command The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any. Also, when LIKE clause is used with ALTER OBJECTTYPE command, the OBJECTTEXT-DESCRIPTION field is not copied with other object authorization record attributes.
OBJECTTYPE Security Commands DELETE OBJECTTYPE Command AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage this authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of the audit-specs, see the SET OBJECTTYPE Command on page 12-23. Omitting audit-spec specifies NONE.
OBJECTTYPE Security Commands FREEZE OBJECTTYPE Command USER VOLUME Example As owner of the object class DEVICE, you can enter the command to delete the Safeguard authorization record for OBJECTTYPE DEVICE: =DELETE OBJECTTYPE device FREEZE OBJECTTYPE Command FREEZE OBJECTTYPE temporarily suspends the authorities granted to user IDs listed on an object-class ACL.
OBJECTTYPE Security Commands INFO OBJECTTYPE Command The local super ID also retains ownership and has all the authority of any user or group manager unless explicitly denied. Example To disable access to the object-class DEVICE, the owner enters: =FREEZE OBJECTTYPE device INFO OBJECTTYPE Command INFO OBJECTTYPE displays the attribute values currently stored in an OBJECTTYPE authorization record and produces two types of reports: brief and detailed.
INFO OBJECTTYPE Command OBJECTTYPE Security Commands SUBVOLUME USER VOLUME DETAIL adds the audit-specs defined for the object type to the INFO report. For a full description of the four audit-specs, see the SET OBJECTTYPE Command on page 12-23. INFO OBJECTTYPE Brief Report The brief INFO OBJECTTYPE report displays the attribute values currently stored for this object class. Figure 12-1 shows the format of the brief INFO OBJECTTYPE report. Figure 12-1.
OBJECTTYPE Security Commands INFO OBJECTTYPE Command user-spec [DENY] authority-list is an entry in the ACL defined for this object class. user-spec identifies a single user or user group. authority-list is a list of single-character codes that represent the access authorities granted to the user or user group identified by user-spec. DENY indicates that the access authorities specified with authority-list are specifically denied to the user or user group identified by user-spec.
INFO OBJECTTYPE Command OBJECTTYPE Security Commands NO ACCESS CONTROL LIST DEFINED! appears for an object class that has no ACL. Use ALTER OBJECTTYPE...ACCESS to define ACL entries for an existing object-class authorization record. Caution. If you do not specify an ACL for an object class, only the local super ID can add an authorization record for an object of that object class.
OBJECTTYPE Security Commands RESET OBJECTTYPE Command Example To generate a brief INFO OBJECTTYPE report for the object-class device: =INFO OBJECTTYPE device RESET OBJECTTYPE Command RESET OBJECTTYPE returns the current default OBJECTTYPE attribute values to their predefined values. When you add an authorization record for an object class, the current default OBJECTTYPE attribute values are used for any attributes you do not specify with the SET OBJECTTYPE or ADD OBJECTTYPE commands.
SET OBJECTTYPE Command OBJECTTYPE Security Commands A brief report shows: TYPE OWNER OBJECTTYPE \*.86,255 OBJECT-TEXT-DESCRIPTION = AUDIT-ACCESS-PASS = ALL AUDIT-ACCESS-FAIL = NONE 255,255 \*.086,255 086,* AUDIT-MANAGE-PASS = REMOTE AUDIT-MANAGE-FAIL = ALL C,O C,O C,O To restore the default object-class ACL to its predefined value (that is, no ACL): =RESET OBJECTTYPE ACCESS To display the new attribute values: =SHOW OBJECTTYPE A brief report shows: TYPE OWNER OBJECTTYPE \*.
OBJECTTYPE Security Commands SET OBJECTTYPE Command objecttype-spec identifies a class of objects whose existing attribute values are to become the default objecttype-attribute values. objecttype-spec can be any object-class name, including OBJECTTYPE: DEVICE DISKFILE DISKFILE-PATTERN SAVED-DISCFILE-PATTERN OBJECTTYPE PROCESS SUBDEVICE SUBPROCESS SUBVOLUME USER VOLUME objecttype-attribute defines a default value for the specified object-class attribute.
OBJECTTYPE Security Commands SET OBJECTTYPE Command user-list specifies users who are granted (or denied) the access authorities specified with the following authority-list. user-list can be either of these: net-user-spec ( net-user-spec [ , net-user-spec ] ... ) net-user-spec can be any of: [\node-spec.]adm-group-name.user-name [\node-spec.]adm-group-num , user-num [\node-spec.]adm-group-name.* [\node-spec.]adm-group-num , * [\node-spec.]*.* [\node-spec.]*,* (minus-sign) operates on existing ACL entries.
OBJECTTYPE Security Commands SET OBJECTTYPE Command adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list.
OBJECTTYPE Security Commands SET OBJECTTYPE Command Note. Starting with H06.26/J06.15 RVUs, the OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME is granted additional access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions. Members having the WRITE (W) permission on OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME can modify the respective DISKFILE/VOLUME/SUBVOLUME protection records.
OBJECTTYPE Security Commands SET OBJECTTYPE Command Omitting audit-spec specifies NONE. AUDIT-ACCESS-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to add an authorization record for a specific object. This audit-spec specifies the conditions under which an audit record is written to the object-audit file. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } ALL All unsuccessful attempts to add an authorization record are audited.
OBJECTTYPE Security Commands SET OBJECTTYPE Command NONE No successful management attempts are audited. Omitting audit-spec specifies NONE. AUDIT-MANAGE-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to manage an objecttype-authorization record. This audit-spec specifies the conditions under which an audit record is written to the audit file when an attempt to manage an OBJECTTYPE authorization record fails.
SHOW OBJECTTYPE Command OBJECTTYPE Security Commands • All members of groups 33, 86, and 255 can create and own the object type (except user PRS.HARRY, who is specifically denied access to the object type). SHOW OBJECTTYPE Command SHOW OBJECTTYPE displays the current default values for the OBJECTTYPE attributes. SHOW [ / OUT listfile / ] OBJECTTYPE OUT directs the SHOW OBJECTTYPE report to listfile. After it executes the SHOW command, SAFECOM redirects its output to the current OUT file.
SHOW OBJECTTYPE Command OBJECTTYPE Security Commands AUDIT-ACCESS-PASS = a-spec AUDIT-ACCESS-FAIL = a-spec AUDIT-MANAGE-PASS = a-spec AUDIT-MANAGE-FAIL = a-spec are the conditions under which the Safeguard software will audit attempts to create authorization records for any specific objects and attempts to manage this authorization record. For more information about these fields for audit-spec, see the SET OBJECTTYPE Command on page 12-23.
OBJECTTYPE Security Commands • THAW OBJECTTYPE Command The users with user IDs 33,13 and 255,18 as well as the group manager for group 33 have CREATE and OWNER authorities for the authorization record to be created for this object class. THAW OBJECTTYPE Command THAW OBJECTTYPE reenables the ACL for a frozen object class. The authority granted the user is reinstated. The primary owner, the primary owner’s group manager, and the local super ID can thaw a frozen object class.
13 Security Group Commands Safeguard security group commands allow a security administrator to define security groups of users who can execute certain restricted commands. The security group commands are similar to OBJECTTYPE commands. Note. In prior product versions, the Safeguard security groups were managed by GROUP commands. GROUP commands are now used to manage file-sharing groups, as described in Section 7, Group Commands.
Security Group Commands Members of the SECURITY-ADMINISTRATOR security group can execute these restricted commands: ALTER SAFEGUARD STOP SAFEGUARD ADD EVENT-EXIT-PROCESS ALTER EVENT-EXIT-PROCESS DELETE EVENT-EXIT-PROCESS ADD AUDIT POOL ALTER AUDIT POOL ALTER AUDIT SERVICE DELETE AUDIT POOL SELECT ADD TERMINAL ALTER TERMINAL DELETE TERMINAL FREEZE TERMINAL THAW TERMINAL Members of the SYSTEM-OPERATOR security group can execute these restricted commands: ADD AUDIT POOL ALTER AUDIT POOL DELETE AUDIT POOL NEXT
Security Group Access Authorities Security Group Commands The SECURITY-AUDITOR security group designates a list of users, who are not SUPER.SUPER, record owner or record owner's group manager to view the subject and group records. Users who are part of this group will have read only privileges for the subject and group records.
Syntax of Security Group Commands Security Group Commands Table 13-1. Security-Group Command Summary (page 2 of 2) Command Description FREEZE SECURITYGROUP Temporarily disables authorities granted to users who have security group access. Only the owners of a security group authorization record, the primary owner’s group manager, and the local super ID can execute the restricted commands. INFO SECURITYGROUP Displays the existing attribute values of a security group authorization record.
ADD SECURITY-GROUP Command Security Group Commands You can specify values for the security group attributes in the ADD SECURITYGROUP command. The current default values are used for any attributes not specified. These default values are established with the SET command. ADD SECURITY-GROUP sec-group-list [ , ] [ LIKE sec-group-spec | sec-group-attribute ] [ , sec-group-attribute ] ... sec-group-list specifies one or more security groups for which an authorization record is to be added.
ADD SECURITY-GROUP Command Security Group Commands OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ... OBJECT-TEXT-DESCRIPTION “[any-text]” AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] OWNER [owner-id] specifies the new owner of this security group authorization record. The owner-id can be either: [\node-spec.]group-name.member-name [\node-spec.]group-num , member-num If you omit owner-id, owner-id is set to your user ID.
ADD SECURITY-GROUP Command Security Group Commands group-list can be either: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec] node-spec takes this form: * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group.
ADD SECURITY-GROUP Command Security Group Commands authority-list specifies the access authorities to be granted (or denied) to user-list. authority-list can be either: authority ( authority [ , authority ] ... ) authority is either: E[XECUTE] O[WNER] OBJECT-TEXT-DESCRIPTION “[any-text]” allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record.
ADD SECURITY-GROUP Command Security Group Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage this authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of the audit-specs, see the SET SECURITY-GROUP Command on page 13-25. Omitting audit-spec specifies NONE. Note. Specifying ACCESS access-spec with ADD SECURITY-GROUP does not override the current default ACL (established with SET SECURITY-GROUP).
ALTER SECURITY-GROUP Command Security Group Commands OWNER SUPER.TEST,& AUDIT-ACCESS NONE,& AUDIT-MANAGE-PASS ALL,& ACCESS TEST1.USER1 (E,O); TEST1.USER2 (E); TEST1.USER3(O) You can add the SECURITY-PRV-ADMINISTRATOR security group protection record: =ADD SECURITY-GROUP SECURITY-PRV-ADMINISTRATOR, ACCESS SECGRP.* (E) You can add the SECURITY-AUDITOR security group protection record: =ADD SECURITY-GROUP SECURITY-AUDITOR, ACCESS SECGRP.
ALTER SECURITY-GROUP Command Security Group Commands sec-group-list can be either: sec-group-spec ( sec-group-spec [ , sec-group-spec ] ... ) sec-group-spec can be either: SECURITY-ADMINISTRATOR SYSTEM-OPERATOR SECURITY-OSS-ADMINISTRATOR SECURITY-PRV-ADMINISTRATOR SECURITY-AUDITOR SECURITY-MEDIA-ADMIN SECURITY-PERSISTENCE-ADMIN LIKE sec-group-spec changes the attribute values of sec-group-list to the same as the existing attribute values for sec-group-spec.
ALTER SECURITY-GROUP Command Security Group Commands ACCESS access-spec [ ; access-spec ] ... changes the ACL for filename-list by adding or deleting ACL entries or by changing the authority list of a current ACL entry. An ACL contains as many as 50 entries that grant or deny access authorities to users and user groups.
ALTER SECURITY-GROUP Command Security Group Commands * | node-name | node-number node-name specifies the system name. node-number specifies the Expand node number. adm-group-name specifies the name of the administrative group. adm-group-num specifies the group number of an administrative group. group-name specifies the name of any group. group-num specifies the group number of any group. (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL.
ALTER SECURITY-GROUP Command Security Group Commands OBJECT-TEXT-DESCRIPTION “[any-text]” allows you to store printable characters as comments. These comments are associated with the objects and are used to manage the object authorization record. The text description field can accommodate 255 bytes of text data. Note. The text specified in the text description field overwrites existing data, if any.
ALTER SECURITY-GROUP Command Security Group Commands AUDIT-MANAGE-FAIL [audit-spec] changes the audit-spec for unsuccessful attempts to manage this authorization record. The form of audit-spec is: { ALL | LOCAL | REMOTE | NONE } For a description of the audit-specs, see the SET SECURITY-GROUP Command on page 13-25. Omitting audit-spec specifies NONE.
DELETE SECURITY-GROUP Command Security Group Commands DELETE SECURITY-GROUP Command DELETE SECURITY-GROUP deletes a security group authorization record. After a security group authorization record is deleted, members of the local super group are the only users who can execute the commands restricted to that security group. DELETE SECURITY-GROUP sec-group-list sec-group-list specifies one or more security groups for which authorization records are to be deleted.
FREEZE SECURITY-GROUP Command Security Group Commands To delete the SECURITY-PERSISTENCE-ADMIN security group protection record, use the following command: =DELETE SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN FREEZE SECURITY-GROUP Command FREEZE SECURITY-GROUP temporarily suspends the authorities granted to user IDs listed on a security group ACL.
INFO SECURITY-GROUP Command Security Group Commands The SECURITY-OSS-ADMINISTRATOR security group can be frozen by the primary owner or by any user with OWNER authority on the access control list for the group.
INFO SECURITY-GROUP Command Security Group Commands sec-group-list specifies the security group for which INFO reports are to be produced. sec-group-list can be either: sec-group-spec ( sec-group-spec [ , sec-group-spec ] ... ) sec-group-spec can be either: SECURITY-ADMINISTRATOR SYSTEM-OPERATOR SECURITY-OSS-ADMINISTRATOR SECURITY-PRV-ADMINISTRATOR SECURITY-AUDITOR SECURITY-MEDIA-ADMIN SECURITY-PERSISTENCE-ADMIN DETAIL adds the audit-specs defined for the security group to the INFO report.
INFO SECURITY-GROUP Command Security Group Commands LAST MODIFIED TIME date, time is the date and time of the last change made to this security group authorization record. date and time are in local civil time. OWNER owner-id is the user ID of the person who owns this security group authorization record. STATUS status is the current status of this security group. status is either FROZEN or THAWED. user-spec [DENY] authority-list is an entry in the ACL defined for this security group.
INFO SECURITY-GROUP Command Security Group Commands NO ACCESS CONTROL LIST DEFINED! appears for a security group that has no ACL. Use ALTER SECURITY-GROUP . . . ACCESS to define ACL entries for an existing security group authorization record. Caution. If you do not specify an ACL for a security group, only the local super ID can execute commands restricted to that security group.
INFO SECURITY-GROUP Command Security Group Commands Example To generate a brief INFO SECURITY-GROUP report for the group SECURITYADMINISTRATOR: =INFO SECURITY-GROUP security-administrator The report shows: LAST-MODIFIED SECURITY-ADMINISTRATOR 18AUG86, 17:28 OWNER STATUS \*.86,255 THAWED 086,002 DENY E,O 033,* E,O 086,* E,O 255,* E,O The report shows that: • • • The owner of this security group authorization record is a network user who is the manager for group 86 (with user ID 86,255).
RESET SECURITY-GROUP Command Security Group Commands To display the SECURITY-AUDITOR security group protection record: =DISPLAY USER AS NAME To verify the results: =INFO SECURITY-GROUP SECURITY-AUDITOR LAST-MODIFIED OWNER STATUS 1MAY10, 13:20 SUPER.SUPER THAWED SECURITY-AUDITOR GROUP \*.
RESET SECURITY-GROUP Command Security Group Commands When you add an authorization record for a security group, the current default group attribute values are used for any attributes you do not specify with the SET SECURITY-GROUP or ADD SECURITY-GROUP commands. RESET SECURITY-GROUP [ [ , ] sec-group-attribute-keyword ] [ , sec-group-attribute-keyword ] ... group-attribute-keyword sets the current default value of the specified attribute to its predefined value.
SET SECURITY-GROUP Command Security Group Commands To display the new attribute values: =SHOW SECURITY-GROUP A brief report shows: TYPE SECURITY-GROUP OWNER \*.86,255 OBJECT-TEXT-DESCRIPTION = AUDIT-ACCESS-PASS = ALL AUDIT-ACCESS-FAIL = NONE AUDIT-MANAGE-PASS = REMOTE AUDIT-MANAGE-FAIL = ALL NO ACCESS CONTROL LIST DEFINED! SET SECURITY-GROUP Command SET SECURITY-GROUP establishes default values for one or more security group attributes.
SET SECURITY-GROUP Command Security Group Commands sec-group-attribute defines a default value for the specified group attribute. The sec-groupattribute values are: OWNER [owner-id] ACCESS access-spec [ ; access-spec ] ... OBJECT-TEXT-DESCRIPTION "[any-text]" AUDIT-ACCESS-PASS [audit-spec] AUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDIT-MANAGE-FAIL [audit-spec] OWNER [owner-id] specifies the owner of a security group. owner-id can be either: [\node-spec.]group-name.
SET SECURITY-GROUP Command Security Group Commands (minus-sign) operates on existing ACL entries. The minus-sign form of access-spec modifies the current default ACL. The authority entries are removed from the default ACL entries for the users specified with user-list. group-list can be either: net-group-spec ( net-group-spec [ , net-user-spec ] ... ) net-group-spec can be any of: GROUP [NAME][\node-spec.] group-name GROUP NUMBER [\node-spec.
SET SECURITY-GROUP Command Security Group Commands are removed from the default ACL entries for the users specified with user-list. DENY denies the user IDs or user groups specified with user-list the access authorities specified with authority-list. authority-list specifies the access authorities granted (or denied) to user-list. authority-list can be any of: authority ( authority [ , authority ] ... ) * authority can be either: E[XECUTE] O[WNER] * (asterisk) specifies both EXECUTE and OWNER.
SET SECURITY-GROUP Command Security Group Commands AUDIT-ACCESS-FAIL [audit-spec] establishes an audit-spec for unsuccessful attempts to execute a restricted command. You need not to specify AUDIT-ACCESS-FAIL because the Safeguard software automatically audits all attempts to execute restricted commands. AUDIT-MANAGE-PASS [audit-spec] establishes an audit-spec for successful attempts to manage a security group-authorization record.
SET SECURITY-GROUP Command Security Group Commands REMOTE Only unsuccessful management attempts made by remote users are audited. NONE No unsuccessful management attempts are audited. Omitting audit-spec specifies NONE. Example These commands define default values for a new security group: =SET SECURITY-GROUP OWNER prs.manager =SET SECURITY-GROUP AUDIT-ACCESS-PASS all, & =AUDIT-MANAGE-PASS local =SET SECURITY-GROUP ACCESS 33,* (e,o); (86,*, 255,*) * =SET SECURITY-GROUP ACCESS prs.
SHOW SECURITY-GROUP Command Security Group Commands To set all SECURITY-GROUP protection record attributes like those set in the SECURITY-PERSISTENCE-ADMIN security group, use the following command: =SET SECURITY-GROUP LIKE SECURITY-PERSISTENCE-ADMIN SHOW SECURITY-GROUP Command SHOW SECURITY-GROUP displays the current default values for the SECURITYGROUP attributes. SHOW [ / OUT listfile / ] SECURITY-GROUP OUT directs the SHOW SECURITY-GROUP report to listfile.
SHOW SECURITY-GROUP Command Security Group Commands AUDIT-ACCESS-PASS = a-spec AUDIT-ACCESS-FAIL = a-spec AUDIT-MANAGE-PASS = a-spec AUDIT-MANAGE-FAIL = a-spec are the conditions under which the Safeguard software will audit attempts to execute restricted commands and attempts to manage this authorization record. For more information about these fields for audit-spec, see the SET SECURITYGROUP Command on page 13-25. user-spec [DENY] authority-list is a current default ACL entry for the security group.
THAW SECURITY-GROUP Command Security Group Commands • The users with user IDs 33,13 and 255,18 as well as the group manager for group 33 have EXECUTE and OWNER authorities for the authorization record to be created for this security group. THAW SECURITY-GROUP Command THAW SECURITY-GROUP reenables the ACL for a frozen security group. The authorities granted the users on the ACL are reinstated.
THAW SECURITY-GROUP Command Security Group Commands The display shows: LAST-MODIFIED SECURITY-OSS-ADMINISTRATOR 14MAR06, 1:29 240,001 240,002 240,003 255,025 OWNER STATUS 255,255 THAWED E O O O E E The SECURITY-PRV-ADMINISTRATOR security group can be thawn by the primary owner or by any user with OWNER authority on the access control list for the group.
THAW SECURITY-GROUP Command Security Group Commands To verify the results: =INFO SECURITY-GROUP SECURITY-MEDIA-ADMIN The display shows: LAST-MODIFIED SECURITY-MEDIA-ADMIN 14FEB13, 1:29 240,001 240,002 240,003 255,025 OWNER 255,255 STATUS THAWED E E E O O O The SECURITY-PERSISTENCE-ADMIN security group can be thawed by the primary owner or by any user with OWNER authority on the access control list for the group.
Security Group Commands THAW SECURITY-GROUP Command Safeguard Reference Manual — 520618-030 13 - 36
14 Terminal Security Commands The terminal commands allow a security administrator to add and manage terminal definition records. When you add a terminal definition record, the Safeguard software takes control of the logon dialog at that terminal. When you define a terminal, you can also specify a particular command interpreter to be started automatically at the terminal after user authentication. Terminal definitions can be added selectively for some or all of the terminals on your system.
Syntax of Terminal Commands Terminal Security Commands Table 14-1. Terminal Command Summary (page 2 of 2) Command Description FREEZE TERMINAL Temporarily disables a terminal from accepting the LOGON command. INFO TERMINAL Displays the existing attribute values in a terminal definition record. THAW TERMINAL Reenables a frozen terminal so that it accepts the LOGON command. Syntax of Terminal Commands The remainder of this section describes each terminal command in detail.
ADD TERMINAL Command Terminal Security Commands terminal-name specifies the terminal to be controlled by the Safeguard software. terminalname is a network name with the following form: [\system.]$device[.#subdevice] If you omit \system, your current default system name is used. If you omit #subdevice, no subdevice name is assumed. LIKE terminal-name adopts the existing terminal definition for terminal-name as the definition for the terminal being added in this command.
ADD TERMINAL Command Terminal Security Commands If you omit lib-filename, no library file is used. CPU [cpu-number | ANY] specifies the number of the CPU in which the command interpreter is to run. If you specify ANY, any CPU will be used. If you omit cpu-number, any CPU will be used. PNAME [process-name] specifies the process name to be assigned to the command interpreter started at this terminal after user authentication. process-name must be a local process name.
ADD TERMINAL Command Terminal Security Commands • • • When you add a terminal on a remote system (\system.device), you must ensure that the terminal is completely accessible to the super ID. For example, the appropriate remote passwords must be established, and the terminal must not have an ACL that denies access to the super ID. If you specify a PNAME, be sure it is unique for each terminal. For this reason, LIKE does not include the PNAME attribute.
ALTER TERMINAL Command Terminal Security Commands ALTER TERMINAL Command The ALTER TERMINAL command changes one or more terminal attribute values in a terminal definition record. You can specify only one terminal name in an ALTER TERMINAL command, but that name can contain wild-card characters. If you have defined a SECURITY-ADMINISTRATOR security group, only members of that group can use the ALTER terminal command.
DELETE TERMINAL Command Terminal Security Commands For a complete description of each terminal attribute, see the ADD TERMINAL Command on page 14-2. Considerations • If you specify a PNAME attribute, be sure is unique for each terminal. For this reason, LIKE does not include the PNAME attribute. Examples The following command alters the terminal definition for the terminal $TFOX.#T009.
FREEZE TERMINAL Command Terminal Security Commands Examples To delete the terminal definition record for terminal $TCO2.#A14: =DELETE TERMINAL $tc02.#a14 FREEZE TERMINAL Command The FREEZE TERMINAL command freezes a terminal definition record so that the logon dialog at that terminal becomes disabled. Only one terminal name can be specified in a FREEZE TERMINAL command, but that name can contain wild-card characters.
INFO TERMINAL Command Terminal Security Commands Any user can execute the INFO TERMINAL command. INFO [ / OUT listfile / ] TERMINAL [ , ] terminal-spec TERMINAL specifies TERMINAL as the object type of the INFO command. Omit this option if TERMINAL is the assumed object type. (For more information on assumed object types, see the ASSUME Command on page 4-3.) OUT directs the INFO TERMINAL report to listfile. After it executes the INFO command, SAFECOM redirects its output to the current OUT file.
THAW TERMINAL Command Terminal Security Commands PROG = prog-filename is the name of the object file of the command interpreter started at this terminal. LIB lib-filename is the name of the library file used with the command interpreter. CPU { cpu-number | ANY } is the number of the CPU in which the command interpreter runs. PNAME process-name is the process name assigned to the command interpreter that runs at this terminal. SWAP $vol[.subvol.
THAW TERMINAL Command Terminal Security Commands If you have defined SECURITY-ADMINISTRATOR and SYSTEM-OPERATOR security groups, use of THAW TERMINAL is restricted to the members of those security groups. THAW TERMINAL terminal-spec TERMINAL specifies TERMINAL as the object type of the THAW command. Omit this option if TERMINAL is the assumed object type. (For more information on assumed object types, see the ASSUME Command on page 4-3.
THAW TERMINAL Command Terminal Security Commands Safeguard Reference Manual — 520618-030 14 - 12
15 Event-Exit-Process Commands The event-exit-process commands allow a security administrator to configure and manage the security event exit process. A security event-exit process is a user-written process that is allowed to participate in security policy enforcement. Depending on how the event-exit process is configured, the Safeguard subsystem passes it requests for authorization, authentication, and password changes.
ADD EVENT-EXIT-PROCESS Command Event-Exit-Process Commands • • • • The command syntax, including descriptions of the command parameters and variables The format for any command listing or report Considerations for the use of the command Examples of command usage In addition, this section contains these information about the event-exit process: • • The format of interprocess messages exchanged between the Safeguard subsystem and the event-exit process Programming considerations for writing an event-exi
ADD EVENT-EXIT-PROCESS Command Event-Exit-Process Commands CPU [ cpu-number | ANY ] PRI [ priority ] PARAM-TEXT [ startup-param-text ] ENABLED { ON | OFF } defines whether the security event exit is enabled. ON indicates that the event exit is enabled and that the Safeguard software is to start the event-exit process and send designated security event messages to the process.
ADD EVENT-EXIT-PROCESS Command Event-Exit-Process Commands Locally authenticated super-group members are treated as undeniable and all other users are considered as deniable. Note. The TIMEOUT-ALL-AUTHZREQ attribute is supported only on systems running H06.26 and later H-series RVUs and J06.15 and later J-series RVUs. ENABLE-AUTHENTICATION-EVENT { ON | OFF } specifies whether authentication events are to be sent to the event-exit process.
ADD EVENT-EXIT-PROCESS Command Event-Exit-Process Commands The default value is no object program file. If you omit this attribute, it is set to the default value. If the ENABLED attribute is set to ON and an attempt is made to set this attribute to null, the command is rejected. The ENABLED attribute must be set to OFF before this field can be set to null. LIB [lib-filename] specifies the library file to be used with the event-exit process. lib-filename must be a local file name.
ALTER EVENT-EXIT-PROCESS Command Event-Exit-Process Commands PARAM-TEXT [startup-param-text] specifies up to 255 characters of data to be supplied as the startup message text for the event-exit process. If you specify the PARAM-TEXT attribute, it must be the last attribute in the command string. The default value is no text. If you omit this attribute, it is set to the default value. Note. Startup message text is commonly used to specify a backup CPU.
ALTER EVENT-EXIT-PROCESS Command Event-Exit-Process Commands exit-attribute specifies the name of the event-exit attribute to be changed. The exitattributes are: ENABLED { ON | OFF } RESPONSE-TIMEOUT [ n [ SECONDS ] ] TIMEOUT-ALL-AUTHZREQ { ON | OFF } ENABLE-AUTHENTICATION-EVENT { ON | OFF } ENABLE-AUTHORIZATION-EVENT { ON | OFF } ENABLE-PASSWORD-EVENT { ON | OFF } PROG [ prog-filename ] LIB [ lib-filename ] SWAP [ $vol [ subvol.
ALTER EVENT-EXIT-PROCESS Command Event-Exit-Process Commands If a timeout occurs and the request is for a authorization event from a deniable user, the user waits indefinitely with no approval or denial. If a timeout occurs and the request is for authentication by any user, the request is denied. The default value is five seconds. A null entry resets the value to the default value. TIMEOUT-ALL-AUTHZREQ { ON | OFF } specifies whether authorization request from a deniable user will be timed out.
ALTER EVENT-EXIT-PROCESS Command Event-Exit-Process Commands PROG [prog-filename] specifies the name of the object program file to be run when the ENABLED attribute is set to ON. It must be a local file name. prog-filename must be specified before the ENABLED attribute can be set to ON. The default value is no object program file. A null entry resets the value to the default value. If an attempt is made to set this field to null and the ENABLED attribute is set to ON, the command is rejected.
DELETE EVENT-EXIT-PROCESS Command Event-Exit-Process Commands PARAM-TEXT [startup-param-text] specifies up to 255 characters of data to be supplied as the startup message text for the event-exit process. If you specify the PARAM-TEXT attribute, it must be the last attribute in the command string. The default value is no text. A null entry resets the value to the default value. Considerations • • • The event-exit process must be multithreaded and must perform NOWAITED I/O. Do not specify $SYSTEM.SYSTEM.
INFO EVENT-EXIT-PROCESS Command Event-Exit-Process Commands Examples 1. To delete the configuration record for the event-exit process LOGON1: =DELETE EVENT-EXIT-PROC logon1 INFO EVENT-EXIT-PROCESS Command The INFO EVENT-EXIT-PROCESS command shows the event-exit attributes stored in the specified event-exit configuration record. Only one event-exit name can be specified in an INFO EVENT-EXIT-PROCESS command. Any user can execute the INFO EVENT-EXIT-PROCESS command.
INFO EVENT-EXIT-PROCESS Command Event-Exit-Process Commands RESPONSE-TIMEOUT = n SECONDS is the maximum number of seconds that the Safeguard software waits for the event-exit process to respond to an event. TIMEOUT-ALL-AUTHZREQ = { ON | OFF } indicates whether Safeguard will time out while waiting for response from SEEP on authorization events requested by deniable users. Note. The TIMEOUT-ALL-AUTHZREQ attribute is supported only on systems running H06.26 and later H-series RVUs and J06.
Interprocess Communication Messages Event-Exit-Process Commands Examples To display the event-exit attributes for an event-exit process that is enabled: =INFO EVENT-EXIT-PROCESS logon1 EVENT-EXIT-PROCESS = LOGON1 ENABLED = ON RESPONSE-TIMEOUT= 15 SECONDS TIMEOUT-ALL-AUTHZREQ = ON ENABLE-AUTHENTICATION-EVENT = ON ENABLE-AUTHORIZATION-EVENT = ON ENABLE-PASSWORD-EVENT = OFF PROG = $DEV.SECURE.
Interprocess Communication Messages Event-Exit-Process Commands Figure 15-2. Event-Exit-Process Message Buffer Request Message From Safeguard Subsystem 0 Reply Message From Event-Exit Process 0 Header_Data ... Offset to Subject_Data Offset to Message_Data Header_Data ... Subject_Data ... Message_Response_Data ... Offset to Message_ Response_Data Message_Data ... VST001.vsd Table 15-2 shows the structure of the header data sent from the Safeguard subsystem to the event-exit process.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-2. Header_Data (page 1 of 2) Base INT[0:-1] The base from which the offsets to other data areas are calculated. Base indicates the allocation of a placeholder, not data. It is used for reference for all offsets and VAR-STRING fields within the messages. Event_Type INT An enumeration describing the type of Message_Data in the message. Valid message types are Access_Control, Logon, Password Quality, and Logon^Abort.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-2. Header_Data (page 2 of 2) Message_Tag INT(32) Indicates continuity of ongoing dialog for challenge/response or password dialog interactions. The initial value is 0. This field is filled in by the event-exit process so that it can identify different events when it is handling multiple message dialogs. Safeguard preserves the message tag and returns it to the event exit in subsequent messages during ongoing dialog.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-3 on page 15-17shows the structure of the subject data sent from the Safeguard subsystem to the event-exit process. This subject data is always present. It is not returned by the event-exit process. Table 15-3. Subject_Data (page 1 of 2) UserName VARSTRING The subject’s user name, in external format. UserID INT(32) The user ID associated with the user name.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-3. Subject_Data (page 2 of 2) AuthNode INT(32) Last authenticated node number for a remote subject, zero otherwise. Valid only if associated AuthNodeValid is set (True). GroupList VARSTRING The list of groups of which this subject is a member. Currently, the subject’s administrative group is the only group in this list. AuthNodeValid BOOLEAN True indicates the field AuthNode contains a valid remote node value.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-4. Access_Data (Access Control Message_Data) (page 2 of 2) Altervalid INT Used by requests for ChangeOwner (GIVE), PROGID, and LICENSE. These three requests can be present in one physical request. One bit is set for each of the three requests. The value is 0 if none of the three are present.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-5. Logon_Data (Logon Message_Data Interactive/Programmatic) (page 1 of 2) Dialogue_Possible BOOLEAN True indicates that the request came from a process that is calling USER_AUTHENTICATE_ and is capable of engaging in dialog with the event-exit process. False indicates that the requestor cannot understand anything except Yes or No (from VERIFYUSER or from callers of USER_AUTHENTICATE_ that cannot handle a dialog).
Interprocess Communication Messages Event-Exit-Process Commands Table 15-5. Logon_Data (Logon Message_Data Interactive/Programmatic) (page 2 of 2) Logon_Name_Phrase VARSTRING The user name string typed by the user. If the user entered a password, also includes the password phrase, separated from the name by a comma. Maximum length is 256 bytes. This is the string from which the Logon_Name and Logon_UserID are decomposed. The field is present only when the caller is USER_AUTHENTICATE_.
Interprocess Communication Messages Event-Exit-Process Commands USER, ALTER USER, ADD ALIAS, or ALTER ALIAS commands. The event-exit process does not return this data in its response. Table 15-6. Password_Change_Data (Change Message_Data from PASSWORD Program) Target_User VARSTRING The user name or alias, in external format, of the user whose password is being changed. This can be a user name or an alias. Target_UserID INT(32) The user ID associated with Target_User.
Interprocess Communication Messages Event-Exit-Process Commands Table 15-7. Logon_Response_Data (Interactive/Programmatic Logon) (page 2 of 2) Password VARSTRING The 64-character password string returned from the event exit to be filled in the Safeguard database. Blanks if the password is not returned. This field is filed without checking by Safeguard.
Design Considerations Event-Exit-Process Commands Table 15-10 lists operations and modifiers for access control events. Table 15-10. Authorization Operations and Modifiers CREATE OPEN READ OPEN WRITE OPEN WRITEREAD OPEN EXECUTE OPEN CREATE For Dialect_Zero compatibility with FileSystem READ request, which is mapped to OPEN in Safeguard SMON. OPEN PURGE For Dialect_Zero compatibility with FileSystem READ request, which is mapped to OPEN in Safeguard SMON.
Security Requests Sent to the Event-Exit Process Event-Exit-Process Commands Security Requests Sent to the Event-Exit Process Depending on how the event-exit process is configured, the following specific requests are passed to it by the Safeguard subsystem.
Processing of Authorization Requests Event-Exit-Process Commands • • • Password change with the PASSWORD program Password change with the ADD USER, ALTER USER, ADD ALIAS, or ALTER ALIAS commands Password change interactive logon if ENABLE-AUTHENTICATE-EVENT is OFF Processing of Authorization Requests When ENABLE-AUTHORIZATION-EVENT is ON, authorization requests are routed to the event-exit process.
Processing of Authorization Requests Event-Exit-Process Commands PROTECTION_CHECK_ result is NORECORD. When NORECORD is the PROTECTION_CHECK result, the final result appears in the Guardian column. Table 15-11.
Processing of Authorization Requests Event-Exit-Process Commands disabled, then the deniable user waits indefinitely for a response from the event-exit process. The requestor process (including the entire thread), initiating the authorization check, will hang. Note. The TIMEOUT-ALL-AUTHZREQ attribute is supported only on systems running H06.26 and later H-series RVUs and J06.15 and later J-series RVUs.
Processing of Authentication Requests Event-Exit-Process Commands If the event-exit process responds NO to an access attempt, the failure is not audited in Safeguard because the event exit and SMON auditing are not integrated. If the eventexit process responds YES or NORECORD, the Safeguard subsystem rules on the request, and auditing is performed as specified for the object. Therefore, the basic concept in auditing is that if Safeguard is involved in the ruling, auditing is applied as specified.
Processing of Authentication Requests Event-Exit-Process Commands The event-exit process is responsible for prompting the user for verification of a new password and for storing passwords in its own database. If a new password is collected by the event-exit process, it can inform the Safeguard subsystem of this change after authentication is complete. For more information, see User Database Synchronization on page 15-32.
Processing of Password-Quality Requests Event-Exit-Process Commands I/O errors can occur when the event-exit process halts before responding to a request, or when it is enabled but down or restarting and the open is incomplete. In these instances, all user requests are denied. EMS messages identify these errors. If the event-exit process is disabled while an authentication request is pending, the request is allowed to complete, providing it does so within the timeout interval.
User Database Synchronization Event-Exit-Process Commands If the password-quality request is from an undeniable user when a timeout occurs, the request is removed from the outstanding queue, and the attempt is allowed to proceed with the Safeguard software performing the password-quality check. Super-group members are considered undeniable users. An EMS message indicates an undeniable user has timed out, thereby prompting the undeniable user to disable the malfunctioning event-exit process.
Event-Exit Design, Management, and Operation Event-Exit-Process Commands Similarly, if the event-exit was disabled while the Safeguard subsystem was running, the event-exit process must poll the Safeguard database for changes. Password Synchronization The basic premise for database synchronization is that the event-exit process is responsible for keeping passwords synchronized in the two user databases. Safeguard passwords are stored in an encrypted form, and HP does not export its encryption algorithm.
Event-Exit-Process Commands • • • Event-Exit Design, Management, and Operation The event-exit process can be a process pair to ensure its continuous availability to handle authorization requests. If it is not a process pair, the event-exit process is unavailable to handle requests during its initialization interval after a restart. Any user file maintained by the event-exit process must support 32-byte user alias names and their passwords.
Event-Exit-Process Commands Event-Exit Design, Management, and Operation of the event-exit process are not security processes. To avoid deadlocks, the event-exit process must maintain an internal list of its child processes and not forward their own requests to them. Once the event-exit process has responded to the open request of an SMON, it must not perform waited I/O.
Event-Exit-Process Commands Event-Exit Design, Management, and Operation Safeguard Reference Manual — 520618-030 15 - 36
16 Safeguard Subsystem Commands This section describes the commands that affect the Safeguard subsystem itself. Table 16-1 gives a brief summary of these Safeguard subsystem commands. Table 16-1. Safeguard Subsystem Command Summary Command Description STOP SAFEGUARD Disables Safeguard authorization checks and access auditing for all local protected objects.
Safeguard Subsystem Commands STOP SAFEGUARD Command STOP SAFEGUARD Command STOP SAFEGUARD stops each SMON process, each SHP and the SMP pair. The command also stops an event-exit process if one is running. After these processes are stopped, disk files that have Safeguard protection can be accessed only by the primary owner, the owner’s group manager, and the super ID. Attempts to access other system objects are subject only to access controls provided by the standard Guardian security system.
Safeguard Subsystem Commands INFO SAFEGUARD Command Following the execution of the STOP SAFEGUARD command: ° ° ° • Any user can create a process with any legal process name. Any user can access any named process. Only the user identified by a named process’s creator accessor ID (CAID), that user’s group manager, and the local super ID can stop a named process.
Safeguard Subsystem Commands ALTER SAFEGUARD Command option is one of: GENERAL DETAIL AUDIT CI COMPARE GENERAL displays the same global configuration attributes as INFO SAFEGUARD with no option specified. DETAIL displays all of the global configuration attributes including those for auditing, the default command interpreter, communication with $CMON, and logon dialog. AUDIT displays only global configuration attributes that relate to auditing.
ALTER SAFEGUARD Command Safeguard Subsystem Commands attribute is one of: AUTHENTICATE-MAXIMUM-ATTEMPTS [ n ] AUTHENTICATE-FAIL-TIMEOUT [ n [ [ [ [ [ [ SECONDS MINUTES HOURS DAYS WEEKS MONTHS ] ] ] ] ] ] ] AUTHENTICATE-FAIL-FREEZE { ON | OFF } PASSWORD-HISTORY n PASSWORD-MINIMUM-LENGTH n PASSWORD-MAY-CHANGE [ n [ DAYS [ BEFORE-EXPIRATION ] ] ] PASSWORD-REQUIRED { ON | OFF } PASSWORD-EXPIRY-GRACE [ n [ DAYS ] ] PASSWORD-ENCRYPT { ON | OFF } CHECK-DEVICE { ON | OFF } CHECK-SUBDEVICE { ON | OFF } DIRE
Safeguard Subsystem Commands ALTER SAFEGUARD Command CHECK-FILENAME { ON | OFF } DIRECTION-DISKFILE { VOLUME-FIRST } { FILENAME-FIRST } COMBINATION-DISKFILE { FIRST-RULE } { FIRST-ACL } { ALL } ACL-REQUIRED-DISKFILE { ON | OFF } ALLOW-DISKFILE-PERSISTENT { NORMAL | ALWAYS } CLEARONPURGE-DISKFILE { ON | OFF } { AUDIT-AUTHENTICATE-PASS } [ ALL ] { AUDIT-AUTHENTICATE-FAIL } [ NONE ] { AUDIT-SUBJECT-MANAGE-PASS } [ LOCAL ] { AUDIT-SUBJECT-MANAGE-FAIL } [ REMOTE ] { AUDIT-OBJECT-ACCESS-PASS } { AUDIT-OBJECT-AC
Safeguard Subsystem Commands ALTER SAFEGUARD Command DYNAMIC-PROC-UPDATE { ON | OFF } (only for systems running J06.10 and later J-series RVUs and H06.21 and later H-series RVUs.) CI-PROG [ prog-filename ] CI-LIB [ lib-filename ] CI-SWAP [ $vol[.subvol.
Safeguard Subsystem Commands ALTER SAFEGUARD Command PASSWORD-UPPERCASE-REQUIRED {ON / OFF} (only for systems running G06.31 and later G-series RVUs and H06.09 and later H-series RVUs) PASSWORD-LOWERCASE-REQ {ON / OFF} (only for systems running G06.31 and later G-series RVUs and H06.09 and later H-series RVUs) PASSWORD-NUMERIC-REQUIRED {ON / OFF}(only for systems running G06.31 and later G-series RVUs and H06.
Safeguard Subsystem Commands ALTER SAFEGUARD Command n defines the maximum number of failed authentication attempts allowed before the defined actions take place. The default value is 3. (Action is not taken until after three consecutive invalid attempts have been made.) A value of 0 specifies no limit to the number of failed logon attempts. A null entry for this attribute resets the value to the default value.
Safeguard Subsystem Commands ALTER SAFEGUARD Command effect, users can change their own password at any time. A value of 0 also allows the password to be changed at any time. The default value is 0 (no restrictions on password change date). A null entry for this attribute resets the value to the default value. If the PASSWORD-MAY-CHANGE period is greater than the PASSWORDMUST-CHANGE period in a user authentication record, that user’s password can be changed at any time. Note.
Safeguard Subsystem Commands ALTER SAFEGUARD Command DIRECTION-DEVICE { DEVICE-FIRST | SUBDEVICE-FIRST } defines the direction in which device and subdevice ACLs are consulted to determine access to devices and subdevices when both CHECK-DEVICE and CHECK-SUBDEVICE are ON. The initial value is DEVICE-FIRST. DEVICE-FIRST specifies that device ACLs are to be consulted before subdevice ACLs. SUBDEVICE-FIRST specifies that subdevice ACLs are to be consulted before device ACLs.
Safeguard Subsystem Commands ALTER SAFEGUARD Command DIRECTION-PROCESS { PROCESS-FIRST | SUBPROCESS-FIRST } defines the direction in which process and subprocess ACLs are consulted to determine access to processes and subprocesses when both CHECKPROCESS and CHECK-SUBPROCESS are ON. The initial value is PROCESS-FIRST. PROCESS-FIRST specifies that process ACLs are to be consulted before subprocess ACLs. SUBPROCESS-FIRST specifies that subprocess ACLs are to be consulted before process ACLs.
Safeguard Subsystem Commands ALTER SAFEGUARD Command CHECK-SUBVOLUME { ON | OFF } defines whether the subvolume ACL is consulted to determine access to subvolumes and disk files. The initial value is OFF. (Subvolume ACLs are not consulted.) CHECK-FILENAME { ON | OFF } defines whether the disk file ACL is consulted to determine access to disk files. The initial value is ON. (Disk-file ACLs are consulted.
Safeguard Subsystem Commands ALTER SAFEGUARD Command ACL-REQUIRED-DISKFILE { ON | OFF } defines whether the absence of an ACL for a volume, subvolume, or disk file causes the denial of access to that volume, subvolume, or disk file. The initial value is OFF. (The absence of a Safeguard protection record reverts operation to Guardian rules.) CLEARONPURGE-DISKFILE { ON | OFF } defines whether all disk files act as if the CLEARONPURGE file attribute had been set. The initial value is OFF.
Safeguard Subsystem Commands ALTER SAFEGUARD Command AUDIT-SUBJECT-MANAGE-PASS [ LOCAL | REMOTE | ALL | NONE ] defines additional auditing for successful attempts to manage user and alias authentication records. This setting supplements the audit settings in user or alias authentication records. The default value is NONE. (Auditing is selected by the individual audit settings.
Safeguard Subsystem Commands ALTER SAFEGUARD Command This attribute can also affect auditing of some HP client subsystems. For more information, see the Safeguard Audit Service Manual. AUDIT-DEVICE-ACCESS-FAIL [ LOCAL | REMOTE | ALL | NONE ] defines additional auditing for unsuccessful device or subdevice accesses. This setting supplements the audit settings in all device and subdevice protection records. The default value is NONE. (Auditing is selected by the individual audit settings.
Safeguard Subsystem Commands ALTER SAFEGUARD Command subprocess protection records. The default value is NONE. (Auditing is selected by the individual audit settings.) AUDIT-PROCESS-MANAGE-FAIL [ LOCAL | REMOTE | ALL | NONE] defines additional auditing for unsuccessful process or subprocess authorization record accesses. This setting supplements the audit settings in all process and subprocess protection records. The default value is NONE. (Auditing is selected by the individual audit settings.
Safeguard Subsystem Commands ALTER SAFEGUARD Command AUDIT-CLIENT-GUARDIAN { ON | OFF } defines whether the Safeguard software accepts Guardian-related audit records from HP privileged subsystems. These subsystems are known as clients. ON indicates that the Safeguard software accepts audit records from Guardian clients. OFF indicates that it does not accept the audit records from Guardian clients. The initial value is ON.
ALTER SAFEGUARD Command Safeguard Subsystem Commands Table 16-2.
ALTER SAFEGUARD Command Safeguard Subsystem Commands Table 16-2.
ALTER SAFEGUARD Command Safeguard Subsystem Commands Table 16-2.
ALTER SAFEGUARD Command Safeguard Subsystem Commands Table 16-2.
Safeguard Subsystem Commands • • • • • • • • • • • • • • • • • • • ALTER SAFEGUARD Command SUBJECTSYSTEMNAME SUBJECTCREATORNAME SUBJECTCREATORNUMBER SUBJECTSYSTEMNUMBER SUBJECTPROCESSNAME SUBJECTAUTHLOCNAME SUBJECTTERMINALNAME SUBJECTAUTHLOCNUMBER CREATORUSERNAME CREATORUSERNUMBER CREATORSYSTEMNAME CREATORCREATORNAME CREATORCREATORNUMBER CREATORSYSTEMNUMBER CREATORPROCESSNAME CREATORAUTHLOCNAME CREATORTERMINALNAME CREATORAUTHLOCNUMBER OBJECTNAME AUDIT-EXCLUDE-VALUE specifies a set of values (up to five)
Safeguard Subsystem Commands ALTER SAFEGUARD Command The default value is OFF. Note. The attribute AUDIT-OSS-FILTER is supported only on systems running J06.04 and later J-series RVUs, H06.15 and later H-series RVUs, and G06.32 and later Gseries RVUs. AUDIT-TACL-LOGOFF controls generation of audits for the TACL LOGOFF or TACL EXIT operations.
Safeguard Subsystem Commands ALTER SAFEGUARD Command CI-SWAP [ $vol [ subvol-filename ] ] $vol [ subvol-filename ] defines the swap volume or file to be used with the CI-PROG command interpreter specified in the Safeguard configuration record. $vol must be a local volume name. The default value is *NONE*. A null entry for this attribute resets the value to the default value. If no swap volume is specified, the volume that contains the CI-PROG object file is used as the swap volume when CI-PROG is started.
Safeguard Subsystem Commands ALTER SAFEGUARD Command BLINDLOGON { ON | OFF } defines whether passwords are accepted if they are typed on the same line as the user name during logon. ON specifies that passwords are not accepted if they are typed on the same line as the user name and that they must be entered on a separate line following the password prompt. OFF specifies that passwords can be entered on the same line as the user name during logon. The initial value is ON.
Safeguard Subsystem Commands ALTER SAFEGUARD Command fn, … PERSISTENT ON command in cases where the disk file does not exist. • • The OWNER attribute must be specified. Only these users are allowed to create PERSISTENT protection records for disk files that do not exist: ° ° ° Users that have CREATE authority for OBJECTTYPE DISKFILEs The manager (*,255) of the group of the specified owner The super ID (255,255) NORMAL restricts creation of disk-file protection records to files that exist.
Safeguard Subsystem Commands ALTER SAFEGUARD Command ONLY specifies that only pattern searching will occur. That is, normal non-pattern searching will not be performed even if the pattern search returns NORECORD. MID specifies that pattern based protection records will be searched: ° After the diskfile protection record search returns NORECORD when Direction-Diskfile is set to Filename-First.
Safeguard Subsystem Commands ALTER SAFEGUARD Command PASSWORD-MAXIMUM-LENGTH {n} specifies the maximum acceptable length of a password. The initial value is 8 and the maximum value is 8 for DES algorithm and 64 for HMAC256 algorithm. Note. This attribute is supported only on systems running H06.08 and later H-series RVUs and G06.31 and later G-series RVUs. PASSWORD-COMPATIBILITY-MODE {ON | OFF} specifies that only first eight characters of the password will be considered during password change.
Safeguard Subsystem Commands ALTER SAFEGUARD Command The default value for PROMPT-BEFORE-STOP attribute is OFF. This attribute is part of the SAFEGUARD global configuration. Note. This attribute is supported only on systems running J06.16 and later J-series RVUs, and H06.27 and later H-series RVUs. PASSWORD-UPPERCASE-REQUIRED { ON | OFF } defines whether the user password will be enforced to have at least one uppercase character. The initial value is OFF.
Safeguard Subsystem Commands ALTER SAFEGUARD Command PASSWORD-NUMERIC-REQUIRED {ON / OFF} defines whether the user password will be enforced to have at least one numeric character. The initial value is OFF. The PASSWORD-NUMERIC-REQUIRED attribute can be set to ON when PASSWORD-ALGORITHM is HMAC256 and PASSWORD-ENCRYPT is ON. Note. • • • On systems running J06.11 and later J-series RVUs and H06.
Safeguard Subsystem Commands ALTER SAFEGUARD Command PASSWORD-SPACES-ALLOWED {ON / OFF} defines whether a user password will be allowed to have embedded spaces. The initial value is OFF. Note. This attribute is supported only on systems running H06.09 and later H-series RVUs and G06.31 and later G-series RVUs. When PASSWORD-ENCRYPT is OFF or PASSWORD-ALGORITHM is DES or PASSWORD-COMPATIBILITY-MODE is ON, an attempt to alter PASSWORD-SPACES-ALLOWED to ON shall result in an error.
Safeguard Subsystem Commands • ALTER SAFEGUARD Command When PASSWORD-ENCRYPT is OFF, an attempt to alter the quality attributes results in an error. The error messages displayed are: THIS ATTRIBUTE CANNOT BE MODIFIED UNLESS PASSWORD-ENCRYPT = ON; COMMAND NOT EXECUTED.
Safeguard Subsystem Commands ALTER SAFEGUARD Command PASSWORD-MIN-LOWERCASE-REQ [ n ] n specifies the minimum number of lowercase characters required in a user password when it is set or changed. The valid values of PASSWORD-MIN-LOWERCASE-REQ range from 0 to 8. The initial value is 0. Note. The PASSWORD-MIN-LOWERCASE-REQ attribute is supported only on systems running J06.11 and later J-series RVUs and H06.22 and later H-series RVUs.
Safeguard Subsystem Commands • • ALTER SAFEGUARD Command When the PASSWORD-NUMERIC-REQUIRED attribute is changed from ON to OFF, Safeguard sets the value of the PASSWORD-MIN-NUMERICREQ attribute to 0. The sum of the values of the effective password quality attributes (PASSWORD-MIN-UPPERCASE-REQ, PASSWORD-MIN-LOWERCASEREQ, PASSWORD-MIN-NUMERIC-REQ, PASSWORD-MINSPECIALCHAR-REQ or PASSWORD-MIN-ALPHA-REQ) must not be greater than the value of the PASSWORD-MAXIMUM-LEN attribute.
Safeguard Subsystem Commands ALTER SAFEGUARD Command The PASSWORD-ALPHA-REQUIRED attribute can be set to ON when PASSWORD-ENCRYPT is ON. Note. • • The PASSWORD-ALPHA-REQUIRED attribute will take effect only when the PASSWORD-MIN-QUALITY-REQUIRED attribute is set to value greater than 0. The PASSWORD-ALPHA-REQUIRED attribute is supported only on systems running J06.11 and later J-series RVUs and H06.22 and later H-series RVUs.
17 Running Other Programs From SAFECOM You can execute the RUN command directly from SAFECOM. This feature allows a security administrator to run programs without having to leave SAFECOM. The SAFECOM RUN command is a modified form of the TACL RUN command. It differs from the TACL RUN command in these ways: • • • An implicit RUN command is not supported. The RUND command is not supported. Several run options are not supported.
Running Other Programs From SAFECOM Consideration run-option is any of the following run options, which are described in the TACL Reference Manual: CPU cpu-number INSPECT { OFF | ON | SAVEABEND } IN [ file-name ] LIB [ file-name ] MEM num-pages NAME [ $process-name ] NOWAIT OUT [ list-file ] PRI priority TERM [\system-name.]$terminal-name param-set is a program parameter or series of parameters sent to the new process in the startup message.
A SAFECOM Error and Warning Messages If SAFECOM encounters a condition that prohibits it from successfully executing a command, SAFECOM displays an error or warning message. The error or warning message gives a brief description of the condition that prohibited SAFECOM from executing the command. This appendix describes the SAFECOM error and warning messages. The messages are listed in alphabetical order.
SAFECOM Error and Warning Messages 2. Provide the Safeguard configuration in effect when the error occurred. Also include information on a user who is experiencing the problem. To obtain this information, execute the following SAFECOM commands: > SAFECOM INFO SAFEGUARD, DETAIL > SAFECOM INFO USER user-ID, DETAIL 3. If the problem is reproducible, list in detail the steps required to reproduce the problem. If the problem is not reproducible, provide the EMSLOG that was active when the problem occurred. 4.
SAFECOM Error and Warning Messages CPU OR SYSTEM UNAVAILABLE Cause. The CPU option in a RUN command specified a CPU that is unavailable, or the program was to be run on a system that is unavailable. Effect. The command is rejected. Recovery. Specify a different CPU or system, or retry when the CPU or system is available. DIFFERENT LIBRARY CURRENTLY IN USE Cause. The LIB option in a RUN command specified a library other than the one the program is currently using. Effect. The command is rejected.
SAFECOM Error and Warning Messages * ERROR * Audit file does not exist Cause. An attempt to execute a RELEASE command failed because the audit file does not exist. Effect. The command is rejected. Recovery. None. * ERROR * Audit file in use - unable to release Cause. An attempt to release an audit file failed because the specified file is the current audit file. Effect. The command is rejected. Recovery. None. * ERROR * Audit file is foreign - unable to release Cause.
SAFECOM Error and Warning Messages * ERROR * Audit Pool is defined as CURRENT Cause. An attempt to execute a DELETE AUDIT POOL command failed because the audit pool is the current audit pool. Effect. The command is rejected. Recovery. Select a different audit pool to be the current pool and then retry the command. * ERROR * Audit Pool is defined as NEXT Cause. An attempt to execute a DELETE AUDIT POOL command failed because the audit pool is the next audit pool. Effect. The command is rejected.
SAFECOM Error and Warning Messages Cause. You attempted to add the SECURITY-AUDITOR security group when it already exists. Effect. The command is not executed. Recovery. None. * ERROR * CANNOT ADD SECURITY-GROUP SECURITY-AUDITOR: SECURITY VIOLATION Cause. A user with insufficient privileges attemped to add the SECURITY-AUDITOR security group. Effect. The command is not executed. Recovery. None. * ERROR * CANNOT ADD SECURITY-GROUP SECURITY-PRV-ADMINISTRATOR: ALREADY EXISTS Cause.
SAFECOM Error and Warning Messages * ERROR * VIOLATION CANNOT ADD SECURITY-GROUP SECURITY-MEDIA-ADMIN: SECURITY Cause. A user with insufficient privileges attempted to add the SECURITY-MEDIAADMIN security group. Effect. The command is not executed. Recovery. None. * ERROR * CANNOT ADD SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN: ALREADY EXISTS Cause. A user attempts to add the SECURITY-PERSISTENCE-ADMIN security group when it already exists. Effect. The command does not execute. Recovery. None.
SAFECOM Error and Warning Messages Cause. An attempt to add an authorization record for a disk file failed because the specified disk volume does not exist. Effect. An authorization record for the disk file is not added to the object database. Recovery. Wait for the volume to become available and then retry the command. Or specify another volume and retry the command. * ERROR * CANNOT ADD SUBVOLUME subvol-name : SUBVOLUME RESERVED FOR OSS Cause.
SAFECOM Error and Warning Messages Effect. An authorization record for the object is not added to the object database. Recovery. Write down the SMP error number and contact your HP representative. (Your HP representative will need the SMP error number to correct the problem.) * ERROR * CANNOT OPEN $ZSMP : FILE ERROR = ### Cause. SAFECOM encountered the indicated file-system error while attempting to open the SMP. Effect. The command is not executed. Recovery. Report the problem to your system manager.
SAFECOM Error and Warning Messages Recovery. Report the problem to your system manager. Wait a while and try to use SAFECOM again. * ERROR * CANNOT OPEN $ZSMP: $smp-name NOT FOUND Cause. The command failed for either of two reasons: • • No SMP is running on your system or on the system of a remote object that you tried to manage with a SAFECOM command. The SMP running on your system or on a remote system was not started with the correct process name, $ZSMP. Effect.
SAFECOM Error and Warning Messages Recovery. Write down the SMP error number and contact your HP representative. (Your HP representative will need the SMP error number to correct the problem.) * ERROR * DISKFILE filename : SUBVOLUME RESERVED FOR OSS Cause. You attempted an operation on a disk file that resides on a subvolume reserved for OSS. Effect. The command is not executed. Recovery. Specify a disk file on another subvolume and retry the command.
SAFECOM Error and Warning Messages Recovery. Delete the existing event-exit process configuration record and then retry the command. * ERROR * Maximum number of Terminals (LUs) defined Cause. An attempt was made to add another terminal definition with the ADD TERMINAL command, but the maximum number of terminals has already been defined. The current maximum is about 420 terminals. Effect. The command is rejected. Recovery. None. * ERROR * Name conflicts with existing alias name. Cause.
SAFECOM Error and Warning Messages Recovery. Reenter the command with a suitable password. * ERROR * Password length less than PASSWORD-MINIMUM-LENGTH n Cause. The password specified in the command contained fewer characters than required by the PASSWORD-MINIMUM-LENGTH global configuration attribute. Effect. The command is not executed. Recovery. Reenter the command with a suitable password of an appropriate length. * ERROR * process enabled - ALTER ENABLED OFF prior to DELETE Cause.
SAFECOM Error and Warning Messages manager cannot solve the problem, report the error to your HP representative. (The System Messages Manual describes file-system errors.) * ERROR * RECORD FOR objtype objname : LICENSE ONLY PROGRAM OBJECT FILES Cause. An attempt to set the LICENSE attribute ON for a disk file failed because the file is not a program object file. Effect. The command is rejected. Recovery. None. * ERROR * RECORD FOR objtype objname : NOT FOUND Cause.
SAFECOM Error and Warning Messages Recovery. Write down the SMP error number and contact your HP representative. (Your HP representative will need the SMP error number to correct the problem.) * ERROR * PROTECTED RECORD FOR objtype objname : SQL OBJECTS NOT SAFEGUARD Cause. An attempt to add a Safeguard protection record for a SQL object failed. Effect. The command is rejected. Recovery. None. SQL objects cannot be added to the Safeguard database.
SAFECOM Error and Warning Messages Effect. The command is not executed. Recovery. For cause 1, either reenter the command without the DEFAULTPROTECTION attributes, or convert the USERID file to the larger record size and then reenter the command. For cause 2, either reenter the command with a value of 20 or less, or convert the USERID file to the larger record size and then reenter the command. * ERROR * Subject Group Name invalid Cause.
SAFECOM Error and Warning Messages Cause. An attempt was made to delete a group that has members. Effect. The command is not executed. Recovery. Remove all members from the group and reenter the command. * ERROR * The group number group-number was not found. Cause. The requested group number was not found. Effect. The command is not executed. Recovery. Specify the correct group number and reenter the command. * ERROR * The object obj-type obj-name is already defined Cause.
SAFECOM Error and Warning Messages * ERROR * The requested group name group-name is already defined. Cause. A case-sensitive search found that the group name already exists. Effect. The ADD GROUP command is not executed. Recovery. Specify a different group name and reenter the command. * ERROR * The requested group name group-name is not defined. Cause. You specified a group that does not exist. Effect. The GROUP command is not executed. Recovery.
SAFECOM Error and Warning Messages Effect. The command is not executed. Recovery. Make appropriate corrections to the daylight savings time (DST) table and retry the command. ** ERROR ** UNABLE TO CONVERT TIMESTAMP: DST range error Cause. The Guardian procedure CONVERTTIMESTAMP failed with an error. Effect. The command is not executed. Recovery. Make appropriate corrections to the daylight savings time (DST) table and retry the command. ** ERROR ** UNABLE TO CONVERT TIMESTAMP: DST table not loaded Cause.
SAFECOM Error and Warning Messages Effect. The command is rejected. Recovery. Delete the aliases and retry the command. EXTENDED DATA SEGMENT INITIALIZATION ERROR n Cause. The program specified in a RUN command required more memory than is currently available. Effect. The command is rejected. Recovery. Retry the command when more memory is available. EXTENDED SEGMENT SWAP FILE ERROR nnn Cause. The program specified in a RUN command required more disk space than is currently available. Effect.
SAFECOM Error and Warning Messages ILLEGAL LIBRARY FILE FORMAT FILE HAS UNDEFINED DATA BLOCKS Cause. The LIB option in a RUN command specifies a library file that is corrupted. Effect. The command is rejected. Recovery. Specify a different library or restore the library. Then retry the command. ILLEGAL LIBRARY FILE FORMAT FILE NOT FIXED-UP BY BINDER Cause. The LIB option in a RUN command specifies a library file that is corrupted. Effect. The command is rejected. Recovery.
SAFECOM Error and Warning Messages Effect. The command is rejected. Recovery. Specify a different library or restore the library. Then retry the command. ILLEGAL LIBRARY FILE FORMAT NOT A DISK FILE Cause. The LIB option in a RUN command specifies a library file that is not a disk file. Effect. The command is rejected. Recovery. Specify a different library file that is a disk file and retry the command. ILLEGAL LIBRARY FILE FORMAT NOT CORRECT FILE STRUCTURE Cause.
SAFECOM Error and Warning Messages Recovery. Specify a different library or install a later version of the operating system. Then retry the command. ILLEGAL LIBRARY FILE FORMAT RESIDENT SIZE GREATER THAN CODE AREA Cause. The LIB option in a RUN command specifies a library file that is corrupted. Effect. The command is rejected. Recovery. Specify a different library or restore the library. Then retry the command. ILLEGAL LIBRARY FILE FORMAT UNRESOLVED REFERENCES FROM DATA BLOCK TO CODE BLOCK Cause.
SAFECOM Error and Warning Messages Cause. The program object file specified in a RUN command is corrupted. Effect. The command is rejected. Recovery. Specify a different program file or restore the file. Then retry the command. ILLEGAL PROGRAM FILE FORMAT INVALID PEP Cause. The program object file specified in a RUN command is corrupted. Effect. The command is rejected. Recovery. Specify a different program file or restore the file. Then retry the command.
SAFECOM Error and Warning Messages ILLEGAL PROGRAM FILE FORMAT NOT FILE CODE 100 Cause. The program object file specified in a RUN command is not a program file. Effect. The command is rejected. Recovery. Specify a different program file and retry the command. ILLEGAL PROGRAM FILE FORMAT NPERR^BADFILE ERROR SUBCODE nnn Cause. The program object file specified in a RUN command is corrupted. Effect. The command is rejected. Recovery. Specify a different program file or restore the file.
SAFECOM Error and Warning Messages Cause. The command was entered improperly. For example, a required comma (,) is missing, or an attribute name is misspelled. Effect. The command is not executed. Recovery. Look up the correct syntax for the command, check for proper spelling, and reenter the corrected command. INTERNAL SAFECOM SPI ERROR nnn Cause. SAFECOM encountered an internal error attempting to interpret a command. Effect. The command is not executed. Recovery. Exit SAFECOM and then rerun SAFECOM.
SAFECOM Error and Warning Messages Recovery. Reenter the command, naming the object type valid for the objects specified. INVALID SECURITY GROUP SPECIFIED; COMMAND NOT EXECUTED. Cause. An invalid security group name was specified. Effect. The command is not executed. Recovery. Correct the name and then retry the command. LIBRARY FILE ERROR nnn Cause. A problem exists with the library file specified by the LIB option in a RUN command. Effect. The command is not executed. Recovery.
SAFECOM Error and Warning Messages Cause. A NEWPROCESS failure occurred during the attempted execution of a RUN command. Effect. The command is not executed. Recovery. Look up the error number in the Operator Messages Manual and resolve the problem according to instructions given there. NO HELP IS AVAILABLE Cause. No help exists for the specified topic. Effect. The command is not executed. Recovery.
SAFECOM Error and Warning Messages Recovery. Reenter the command with a valid group-number and member-number. (You can use the TACL USERS command to find the correct numbers associated with a user’s user name.) Only super group USERS and ALIAS can become member of this group Cause. An attempt was made to add a non-super group member to a restricted group. Effect. The command is not executed. Recovery. Ensure that you are adding a super group member to the restricted group and reenter the command.
SAFECOM Error and Warning Messages Recovery. Change one of the names and retry the command. PROGRAM FILE ERROR nnn Cause. A file error occurred during an attempt to execute a RUN command. Effect. The command is not executed. Recovery. Look up the error number in the System Messages Manual and resolve the problem according to instructions given there. PROGRAM FILE IS LOCKED Cause. The program object file specified in a RUN command is locked. Effect. The command is rejected. Recovery.
SAFECOM Error and Warning Messages SECURITY STRING MUST BE IN "xxxx" FORMAT; COMMAND NOT EXECUTED. Cause. The security string specified for a GUARDIAN SECURITY attribute is not four characters long. Effect. The command is not executed. Recovery. Reenter the command with a properly formed security string. SECURITY STRING MUST CONTAIN O, G, A, U, C, or N; COMMAND NOT EXECUTED. Cause. The security string specified for a GUARDIAN SECURITY attribute contains an illegal character. Effect.
SAFECOM Error and Warning Messages THIS CHARACTER IS UNRECOGNIZABLE; COMMAND NOT EXECUTED. Cause. The current command contains a non-ASCII character (a character whose octal representation value exceeds %177). Effect. The command is not executed. Recovery. Reenter the command. If the error persists, it might indicate either a hardware problem or an internal error in SAFECOM. Contact your HP representative. THIS NAME IS TOO LONG (> 31 CHARACTERS); COMMAND NOT EXECUTED. Cause.
SAFECOM Error and Warning Messages Effect. The command is not executed. Recovery. Specify a group number within the allowable range and reenter the command. THIS NUMBER MUST BE GREATER THAN 0; COMMAND NOT EXECUTED. Cause. A number in the command is less than the minimum allowable value. Effect. The command is not executed. Recovery. Correct the number to within the allowable range and reenter the command. THIS NUMBER MUST BE LESS THAN OR EQUAL TO n; COMMAND NOT EXECUTED. Cause.
SAFECOM Error and Warning Messages TOO MANY MEMBERS SPECIFIED; COMMAND NOT EXECUTED. Cause. More than 32 members are being added to a group, or more than 32 members are being removed from a group. Effect. The command is rejected. Recovery. Specify 32 or fewer members in the offending MEMBER clause, and retry the command. UNABLE TO ALLOCATE SEGMENT FOR SAFECOM. Cause. Insufficient memory is available in the CPU in which SAFECOM is running. Effect. The SAFECOM session does not run properly. Recovery.
SAFECOM Error and Warning Messages Recovery. Check for spelling or typing errors, correct the group name, and then retry the command. UNDEFINED SUBJECT; COMMAND NOT EXECUTED Cause. A specified member in an ADD or ALTER group command does not exist. Effect. The command is rejected. Recovery. Specify a valid user or alias and then retry the command. UNLICENSED PRIVILEGED PROGRAM Cause. The program object file specified in a RUN command contains unlicensed privileged code. Effect. The command is rejected.
SAFECOM Error and Warning Messages Effect. The command is accepted, but the user is not removed from the administrative group. Recovery. None. WARNING - PROCESS HAS UNDEFINED EXTERNAL(S) Cause. The program object file contains external references that cannot be resolved. Effect. The command is executed, but results might be spurious. Recovery. Inform your system administrator. Retry the command after the program or library file has been corrected.
SAFECOM Error and Warning Messages Effect. The command is not executed. Recovery. None. * WARNING * RECORD FOR SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN: NOT FOUND Cause. A user attempts to perform alter, delete, freeze, thaw, or info command on the SECURITY-PERSISTENCE-ADMIN security group that does not exist. Effect. The command does not execute. Recovery. None. * WARNING * RECORD FOR SECURITY-GROUP SECURITY-MEDIA-ADMIN: NOT FOUND Cause. You are using SAFECOM in syntax checking mode.
SAFECOM Error and Warning Messages Effect. The command is accepted, however, the PROGID is not set and the diskfile flab owner is changed to match the protection record owner. Recovery. None. Note. This warning message is supported only on systems running J06.15 and later J-series RVUs and H06.26 and later H-series RVUs. * WARNING * RECORD FOR DISKFILE diskfilename: DISKFILE FLAB OWNER IS CHANGED TO MATCH PROTECTION RECORD OWNER. Cause.
SAFECOM Error and Warning Messages Recovery. Review the valid use of wild-card characters, correct the name, and retry the command. *ERROR* TEXT DESCRIPTION FIELD CONTAINS INVALID CHARACTERS; COMMAND NOT EXECUTED Cause. The text string specified for the TEXT-DESCRIPTION attribute in a command contained nonprintable characters. Effect. The command is not executed. Recovery. Remove the nonprintable characters or replace them with printable characters.
SAFECOM Error and Warning Messages ERROR: THIS NUMBER MUST BE LESS THAN OR EQUAL TO 8; COMMAND NOT EXECUTED. Cause. PASSWORD-MINIMUM-LENGTH attribute is greater than eight, when PASSWORD-ENCRYPT is OFF or, PASSWORD-ENCRYPT is ON and PASSWORD-ALGORITHM is DES. Effect. The command is not executed. Recovery. PASSWORD-MINIMUM-LENGTH attribute should be less than or equal to eight. Note. This error message is supported only on systems running G06.31 and later G-series RVUs and H06.08 and later H-series RVUs.
SAFECOM Error and Warning Messages Effect. The command is not executed. Recovery. PASSWORD-MAXIMUM-LENGTH should be greater than or equal to PASSWORD-MINIMUM-LENGTH. Note. This error message is supported only on systems running G06.31 and later G-series RVUs and H06.08 and later H-series RVUs. PASSWORD-MAXIMUM-LENGTH PASSWORD-MINIMUM-LENGTH MUST BE GREATER THAN OR EQUAL TO ; COMMAND NOT EXECUTED Cause.
SAFECOM Error and Warning Messages AUDIT-EXCLUDE-FIELD and AUDIT-EXCLUDE-VALUE mismatch Cause. The values specified by attribute AUDIT-EXCLUDE-VALUE is invalid for the corresponding fieldname specified by AUDIT-EXCLUDE-FIELD. Effect. The command is rejected. Recovery. Review the valid use of values set by AUDIT-EXCLUDE-VALUE and retry the command. Note. This error message is supported only on systems running J06.03 and later J-series RVUs, H06.14 and later H-series RVUs, and G06.
B Disk-File Access Rules Table B-1 on page B-2 shows how disk file access rules are evaluated depending on how the Safeguard software applies the access control lists (ACL) in disk file, volume, and subvolume protection records. FIRST-RULE, FIRST-ACL, and ALL are the settings allowed for the Safeguard configuration attribute COMBINATION-DISKFILE. This attribute defines the manner in which overlapping ACLs are resolved for access to volumes, subvolumes, and disk files.
Disk-File Access Rules The settings of CHECK-VOLUME, CHECK-SUBVOLUME, and CHECK-FILENAME have no effect when an attempt is made to create a disk file. Any attempt to create a disk file is subject to access checking at all levels, regardless of the settings of these configuration attributes.
Disk-File Access Rules Table B-1.
Disk-File Access Rules Table B-1.
Disk-File Access Rules Table B-2. CHECK-DISKFILE-PATTERN settings Result from: CHECK-DISKFILE-PATTERN value Normal Pattern OFF FIRST LAST ONLY N Y N1 Y4 N3 Y6 N N N1 N4 N3 N6 N NR N1 N2 N3 NR6 NR Y NR1 Y4 Y5 Y6 NR N NR1 N4 N5 N6 NR NR NR1 NR2 NR5 NR6 N the request is denied (NO) Y the request is granted (YES) NR no norecord was found (NORECORD) CHECK-DISKFILE-PATTERN OFF searches only for normal protection records.
Disk-File Access Rules indicates the SUBVOLUME ACL setting and the third column indicates the DISKFILE PATTERN setting. The last three columns show the final access evaluation based on the Safeguard global configuration attribute COMBINATION-DISKFILE values FIRSTACL, FIRST-RULE and ALL. Note. This setting is only supported by systems running J06.08 and later J-series RVUs and H06.18 and later H-series RVUs. Table B-3.
Disk-File Access Rules Table B-4.
Disk-File Access Rules Table B-4.
Index A Abbreviating SAFECOM commands 1-14 Access control lists additional owner 8-1, 9-1, 10-1, 11-4 defined 8-3 DENY option 8-61, 9-30, 10-28, 11-31, 12-26, 13-28 effect of deleting a user from system 5-22, 5-23 effect of freezing a user from system 5-24 for devices 10-2 for disk files 8-2 for OBJECTTYPES 12-2 for process 11-2 for security groups 13-3 for subdevices 10-2 for subprocess 11-2 for subvolumes 9-2 for volumes 9-2 freezing access 8-40 initial owner 8-1, 9-1, 10-1, 11-4 thawing access 8-76 ADD A
B Index description 5-10 ALTER VOLUME command 9-12 ASSUME command 4-3 Attributes for all objects 1-3, 1-4 for devices 10-1 for disk files 8-7, 8-16, 8-32, 8-58, 8-69, 8-79, 8-84, 8-96 for OBJECTTYPES 12-4, 12-16 for security groups 13-4 for subdevices 10-1 for subvolumes 9-1 for user 5-40 for user alias 6-38 for volumes 9-1 audit priv logon note page 68 8-68 Auditing for devices 10-29 for disk files 8-63, 8-64 for OBJECTTYPES 12-27 for processes 11-32 for security groups 13-28 for subdevices 10-29 for sub
D Index for subvolumes 1-4 for terminals 1-7 for volumes 1-4 creation time note 1-2 D DELETE ALIAS command 6-21 DELETE DEVICE command 10-17 DELETE DISKFILE command 8-36 DELETE EVENT-EXIT-PROCESS command 15-10 DELETE GROUP command 7-12 DELETE OBJECTTYPE command 12-16 DELETE PROCESS command 11-20 DELETE SECURITY-GROUP command 13-16 DELETE SUBDEVICE command 10-17 DELETE SUBPROCESS command 11-20 DELETE SUBVOLUME command 9-18 DELETE TERMINAL command 14-7 DELETE USER command description 5-22 effect of user ali
F Index F Fallback option 16-26 FC command 4-15 File error 48 8-3, 11-2 File names for disk 2-4, 2-6 fully qualified 2-3 partially qualified 2-3 File-sharing group 7-1 FREEZE ALIAS command 6-22 FREEZE DEVICE command description 10-18 with device open 10-19 FREEZE DISKFILE command 8-40 FREEZE OBJECTTYPE command 12-17 FREEZE PROCESS command 11-21 FREEZE SECURITY-GROUP command 13-17 FREEZE SUBDEVICE command description 10-18 with subdevice open 10-19 FREEZE SUBPROCESS command 11-21 FREEZE SUBVOLUME command 9
L Index display options 5-26 who can execute 5-2 INFO VOLUME command 9-21 Initial directory 5-50, 6-48 Initial ownership 8-1, 9-1, 10-1, 11-4, 13-3 Initial program path name 5-50, 6-48 type 5-50, 6-48 fully qualified for disk files 2-4 fully qualified for processes 2-13 fully qualified for subdevices 2-11 fully qualified for subprocesses 2-14 fully qualified for subvolumes 2-8 fully qualified for volumes 2-7 partially qualified for devices 2-10 partially qualified for disk files 2-5 partially qualified f
O Index displaying default values 12-30 displaying information 12-18 freezing 12-17 resetting default values 12-22 setting default values 12-23 thawing 12-32 Object database 1-11 OBJECTTYPE authorization record adding 12-4 altering 12-10 deleting 12-16 displaying default values 12-30 displaying information 12-18 freezing 12-17 resetting default values 12-22 setting default values 12-23 thawing 12-32 OBJECTTYPE security commands 12-3 OBJECT-TEXT-DESCRIPTION attribute ADD DEVICE and SUBDEVICE Command 10-6,
P Index OWNER-LIST attribute 5-1, 5-12, 5-27, 5-42, 6-2, 6-11, 6-25, 6-40 P Password adding 5-8 changing 5-14, 5-21, 6-12, 6-20 immediate expiration 5-14 setting 5-43, 6-40 PASSWORD-ALGORITHM 16-28 PASSWORD-COMPATIBILITYMODE 16-29 PASSWORD-ERROR-DETAIL {ON | OFF} 16-29 PASSWORD-LOWERCASEREQUIRED 16-30 PASSWORD-MAXIMUM-LENGTH 16-29 PASSWORD-MIN-QUALITYREQUIRED 16-32 PASSWORD-NUMERIC-REQUIRED 16-31 PASSWORD-SPACES-ALLOWED 16-32 PASSWORD-SPECIALCHARREQUIRED 16-31, 16-35 PASSWORD-UPPERCASEREQUIRED 16-30 PERS
S Index RESET-BINARY-DESCRIPTION attribute 5-20, 6-15 RESET-OBJECT-TEXT-DESCRIPTION attribute ALTER DEVICE and SUBDEVICE Command 10-12, 10-15 ALTER DISKFILE Command 8-23, 8-27 ALTER OBJECTTYPE Command 12-12, 12-15 ALTER PROCESS and SUBPROCESS Command 11-15, 11-18 ALTER SECURITY-GROUP Command 13-11, 13-14 ALTER VOLUME and SUBVOLUME Command 9-13, 9-16 RESET-STATIC-FAILED-LOGONCOUNT 5-21 RESET-TEXT-DESCRIPTION attribute 5-20, 6-15 S SAFECOM authorized usage of 1-11 batch mode 3-1 command line length 4-29 de
S Index Security Manager Process (SMP) definition 1-11 when running SAFECOM 3-5 $ZSMP process name 1-11 $ZSMP (SMP process name) 3-5 Security Monitor definition 1-11 stopping 16-2 SECURITY-GROUP commands 13-3 SECURITY-OSS-ADMINISTRATOR 13-1 OSS security management privileges 13-2 Semicolon in comment 4-28 SET ALIAS command 6-38 SET DISKFILE command 8-57 SET OBJECTTYPE command 12-23 SET PROCESS command 11-28 SET SECURITY-GROUP command 13-25 SET SUBPROCESS command 11-28 SET SUBVOLUME command 9-28 SET USER c
T Index Subprocess security commands 11-5 for process names 11-1 for program object disk files 11-1 Subvolume authorization record adding 9-5 altering 9-12 attributes of 1-4 deleting 9-18 displaying default values 9-34 displaying information 9-21 freezing 9-19 managing from a remote node 9-11 ownership 9-2 resetting default values 9-26 setting default values 9-28 thawing 9-36 Subvolume names 2-8 Subvolume security commands 9-3 Super ID capabilities of 1-14 defined 1-14 denying authority 8-1, 9-1, 10-2, 11
V Index setting attribute values 5-40 thawing user access 5-59 who can manage 5-1 who owns 5-1 User ID defined 2-16 for network users 2-18 scalar view 5-31 structured view 5-28 with user sets 2-18 User names case 5-7 components of 2-17 defined 2-16 for network users 2-17 with user sets 2-18 User security commands 5-3 User sets 2-18 User-set lists 2-19 V Volume authorization record adding 9-5 altering 9-12 attributes of 1-4 deleting 9-18 displaying default values 9-34 displaying information 9-21 freezing
Special Characters Index ? command 4-26 ? wild card 2-1 Safeguard Reference Manual — 520618-030 Index - 12
