Security Management Guide (G06.24+, H06.03+)

Security Management Guide 522283-008
7 Concerns for the System Administration Team
The system administration team consists of a system manager, system programmers,
and system operators, although the titles of these functions can vary from one site to
another. At a small installation, one person might perform all these functions.
The system manager administers the system. A large network might have more than
one system manager, but one person usually assumes overall responsibility for this
function.
A system programmer creates custom programs and handles the details of system
configuration.
A system operator performs the routine tasks needed to keep the system operating
(such as system loads, shutdowns, backups, and maintenance).
In this section, "you" refers to the system administration team. The section points out
specific security issues that you should address.
Managing User Names
This subsection discusses the security aspects of managing user names.
Administrative Groups
Every system user is a member of an administrative group. In addition, a user can be a
member of file-sharing groups. As many as 256 administrative groups, numbered from
0 through 255, can be defined. For purposes of managing users, each administrative
group can have up to 256 members who have member numbers from 0 through 255
within the group. For more information about administrative groups and file-sharing
groups, see the Safeguard Administrator’s Manual and the Safeguard Reference
Manual.
Belonging to a group gives the group member the right to access objects (such as files
and processes) that are secured for group access. In developing a strategy for
administrative group assignment, consider how classes of users will need to share
files. In considering administrative group assignment, remember that you can also
define file-sharing groups through the Safeguard software to facilitate the sharing of
files by a subset of users. For more information, see File-Sharing Groups on page 7-2.
If you do not use Safeguard access control lists (ACLs), group membership is the only
way to provide file access to a select subset of users. The Guardian G (group) and C
(community) file security specifiers permit access based on group membership.
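The group-based check described above, as an added example (not code from the guide or from the vendor): it evaluates a four-position Guardian security string (read, write, execute, purge) for an ordinary user identified by group and member number. Only G and C are named on this page; the other specifiers follow the standard Guardian set. As assumptions, the super ID, group managers, and Safeguard ACLs are not modeled, and a remote user is taken to carry the same group and member numbers as on the local node.

```python
from dataclasses import dataclass

OPS = "RWEP"  # positions of a Guardian security string: read, write, execute, purge

@dataclass(frozen=True)
class UserId:
    group: int   # administrative group number
    member: int  # member number within the group

    def __post_init__(self):
        # The guide allows 256 groups and 256 members per group, numbered 0-255.
        for n in (self.group, self.member):
            if not 0 <= n <= 255:
                raise ValueError(f"group and member numbers must be 0-255, got {n}")

def specifier_allows(spec: str, owner: UserId, user: UserId, remote: bool) -> bool:
    """Decide one position of the security string for an ordinary user."""
    same_group = user.group == owner.group
    is_owner = user == owner
    rules = {
        "A": not remote,                 # any local user
        "G": not remote and same_group,  # local member of the owner's group
        "O": not remote and is_owner,    # local owner only
        "N": True,                       # any local or remote user
        "C": same_group,                 # owner's group (community), local or remote
        "U": is_owner,                   # owner, local or remote
        "-": False,                      # local super ID only: no ordinary user
    }
    if spec not in rules:
        raise ValueError(f"unknown security specifier {spec!r}")
    return rules[spec]

def access(security: str, owner: UserId, user: UserId, remote: bool = False) -> dict:
    """Map each of R, W, E, P to True or False for this user."""
    if len(security) != len(OPS):
        raise ValueError("security string must have four positions (RWEP)")
    return {op: specifier_allows(s, owner, user, remote)
            for op, s in zip(OPS, security)}

# Constructed sample: a file owned by user 12,5 and secured "CGOO".
OWNER = UserId(12, 5)

if __name__ == "__main__":
    cases = [(UserId(12, 9), False), (UserId(12, 9), True), (UserId(30, 1), False)]
    for who, remote in cases:
        print(who, "remote" if remote else "local", access("CGOO", OWNER, who, remote))
```

With these specifiers alone, the only way to give user 30,1 read access without opening the file to every user is to move that user into group 12, which is the constraint on administrative group planning that the paragraph above describes.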
If you use Safeguard ACLs, you can specify exactly which users have access to what
Guardian files. However, such a list can become so large that it exceeds the number of