Security Management Guide (G06.24+, H06.03+)
Guardian System Security
Security Management Guide—522283-008
With the ADDUSER program or the Safeguard ADD USER command, the super ID
user creates new administrative groups and adds new users to these groups. After
being added by the super ID user, a group manager (user ID n,255) can also add new
users to the administrative group with the group number n. For each new user, a user
name and corresponding user ID must be specified.
As many as 256 administrative groups with a maximum of 256 users in each group can
be created for each system.
After a new user is established, the user can log on with the TACL LOGON command
to gain access to the system.
Guardian File Security
The Guardian environment provides a basic level of security for all disk files. Each
Guardian disk file has an owner and a file-security string. The creator of the file is the
initial owner of the file. When a user creates a file, it is automatically given the default
security string defined for the user. Individual users can change their default security
string or specify a different security string for an individual file. In addition, a user can
transfer ownership of a file to another user.
The Guardian security specifier is a four-character string. Each position in the string
sets the security for one of four disk file operations:
RWEP
The first position (R) specifies who can read the file.
The second position (W) specifies who can write to the file.
The third position (E) specifies who can execute the file.
The fourth position (P) specifies who can purge the file.
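To make the string semantics concrete, here is an added example (not code from this guide or from the NonStop system) that models the RWEP check for the four codes documented in Table 2-2 below, O, U, G and C. User IDs are (group, user) pairs as in the guide, "remote" marks a requester logged on from another node in the network, and the file-sharing group list is modelled as an extra set of group numbers. Any code the model does not recognise is rejected rather than granted, so it fails closed; the Principal type, function names and sample identities are assumptions for illustration.

```python
"""Model of the Guardian RWEP security-string check (added example, not the
guide's own code).  Covers the codes O, U, G and C; any other character in the
string is rejected so that the model never grants access it cannot justify."""
from dataclasses import dataclass

# Position of each operation within the four-character security string.
OPERATIONS = {"read": 0, "write": 1, "execute": 2, "purge": 3}  # R W E P

# Codes this model implements; everything else raises, i.e. fails closed.
SUPPORTED_CODES = "OUGC"


@dataclass(frozen=True)
class Principal:
    """A logged-on user: Guardian user ID (group,user) plus context (assumed type)."""
    group: int                     # administrative group number, 0-255
    user: int                      # user number within the group, 0-255
    remote: bool = False           # True if logged on from another node
    group_list: frozenset = frozenset()  # file-sharing group list (extra groups)

    def member_of(self, group):
        """True if this user belongs to `group` directly or via the group list."""
        return self.group == group or group in self.group_list


def validate_security_string(sec):
    """Return the upper-cased string if it is four supported codes, else raise."""
    if len(sec) != 4:
        raise ValueError("security string must be exactly four characters (RWEP)")
    sec = sec.upper()
    unsupported = sorted({c for c in sec if c not in SUPPORTED_CODES})
    if unsupported:
        raise ValueError(f"security code(s) not modelled here: {unsupported}")
    return sec


def can_access(sec, operation, owner, requester):
    """Decide whether `requester` may perform `operation` on a file owned by
    `owner` that carries security string `sec`, following Table 2-2."""
    code = validate_security_string(sec)[OPERATIONS[operation]]
    is_owner = (requester.group, requester.user) == (owner.group, owner.user)
    in_owner_group = requester.member_of(owner.group)

    if code == "O":   # owner only, and only when logged on locally
        return is_owner and not requester.remote
    if code == "U":   # owner only, local or over the network
        return is_owner
    if code == "G":   # owner's group (or group list) members, local only
        return in_owner_group and not requester.remote
    if code == "C":   # owner's group (or group list) members, local or network
        return in_owner_group
    return False      # unreachable after validation; kept as a fail-closed default


if __name__ == "__main__":
    # Constructed sample identities: owner 8,2 and a file secured "OUGC".
    owner = Principal(group=8, user=2)
    cases = [
        ("read", Principal(8, 2)),                       # local owner
        ("read", Principal(8, 2, remote=True)),          # owner over the network
        ("write", Principal(8, 2, remote=True)),
        ("execute", Principal(8, 7)),                    # local group member
        ("execute", Principal(8, 7, remote=True)),       # remote group member
        ("purge", Principal(9, 1, remote=True, group_list=frozenset({8}))),
    ]
    for op, who in cases:
        print(f"{op:8} by {who.group},{who.user} "
              f"{'(remote)' if who.remote else '(local) '} -> "
              f"{'allowed' if can_access('OUGC', op, owner, who) else 'denied'}")
```

The owner's own node matters under O and G: the same user ID logged on from another node is refused, while U and C admit it. A string such as "NUNU" is rejected by validate_security_string because N is not among the codes modelled here; extend SUPPORTED_CODES and can_access together if you add the remaining codes from the second page of Table 2-2.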
In each position, users can specify one of the seven codes shown in Table 2-2 to
determine who can perform the associated operation.
Table 2-2. Guardian Disk-File Security Settings (page 1 of 2)

Code  Access
O     Only the owner of the file, logged on at the local system, can perform the designated operation.
U     Only the owner of the file, logged on at the local system or from another node on the network, can perform the designated operation.
G     Any member of the owner's group logged on at the local system can perform the designated operation. Also, any local user whose (file-sharing) group list includes the owner's group can perform the operation.
C     Any member of the owner's group, either on the local system or on the network, can perform the designated operation. Also, any local or network user whose (file-sharing) group list includes the owner's group can perform the operation.