Manualshelf

Safeguard User's Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Safeguard User’s Guide 422089-020
5 - 1
5
Securing Processes and
Subprocesses
You secure processes and subprocesses in generally the same manner as disk files
and subvolumes. You use the same set of commands: ADD, ALTER, DELETE,
FREEZE, INFO, RESET, SET, SHOW, and THAW. Also, except for EXECUTE
authority, the same access authorities—READ, WRITE, PURGE, CREATE, and
OWNER—apply to individual processes and subprocesses. There is no EXECUTE
authority for processes and subprocesses.
You can also use the same security attributes to specify auditing for processes and
subprocesses. Additionally, you can freeze and thaw an access control list for a
process or subprocess.
For additional information about protecting processes and subprocesses, refer to the
Safeguard Reference Manual.
Protection of Process and Subprocess Names
Until a process name is added to the Safeguard database, any user can create a
process with that name and access a process running with that name. Unless your
security administrator has restricted process protection, any user can add a process or
subprocess name to the Safeguard database and create an access control list for it.
An access control list for a process or subprocess name grants users (and processes
running on behalf of those users) any combination of the following access authorities:
The following command creates an authorization record for the process name $add,
associates the object text description as comments of the authorization record, gives
READ and WRITE authority to all members of group 33, and gives all authorities to
user ID 33,12:
=ADD PROCESS $add, OBJECT-TEXT-DESCRIPTION ‘‘Record created’’,
ACCESS 33,* (R,W); 33,12 *
READ The authority to open a process or subprocess with a protected name for input
operations.
WRITE The authority to open a process or subprocess with a protected name for output
op
erations.
CREATE The authority to create a process with a protected name. (A user must also
have EXECUTE
authority for the program object disk file.) CREATE authority
does not apply to subprocesses.
PURGE The authority to stop a process with a prot
ected name. PURGE authority does
not apply to subprocesses.
OWNER The authority to change the authorization reco
rd for the process or subprocess.