Manualshelf

Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
31323334353637383940
Guardian System Security
Security Management Guide522283-008
2-7
Sanitizing a NonStop System
Adopting the Owner ID of a Program File (PROGID)
PROGID allows the owner of a program file (or the super ID) to specify that the PAID of
any Guardian process created by running that program file is the same as the owner ID
of the program file rather than the PAID of the creating process. This option allows the
owner of the program file to control the files that the new process can access and to
control the operations that can be performed on or by the process. Specify PROGID
with the FUP SECURE command or the SETMODE or SETMODENOWAIT procedure.
For more information about the use and implications of the PROGID option, see Uses
of PROGID Programs on page 2-26.
The LICENSE Attribute
If a program contains privileged procedures (procedures having the CALLABLE or
PRIV attribute), it must be licensed before it can be run by any user other than the
super ID. The super ID must perform licensing through the FUP LICENSE command.
Programs running in the privileged mode have total freedom to access operating
system tables and to execute privileged instructions and procedures, so such
programs might circumvent the file security checks and thereby gain access to any file.
However, the system needs some privileged programs. Through licensing, the
installation can run privileged programs that it has authorized, but users cannot run
unauthorized privileged programs.
For more information about licensing and its implications, see Licensing Programs on
page 2-22.
Guardian Network Security
Users can be granted access to more than one node and can have access authority for
remote objects. A user who can access objects on one or more remote nodes is called
a network user.
Defining a network user requires that the user be given the same user name, user ID,
and remote password at both nodes. After a network user has been given the ability to
access a remote node, that ability can be revoked at either the user’s local node or at
the remote node.
For more information, see the Guardian User’s Guide or the Safeguard Administrators
Manual.
Sanitizing a NonStop System
The term sanitize means to secure a system that has not been secure and to institute
procedures to keep the system secure as it evolves. Follow these procedures from the
moment the NonStop software is installed and while applications are being developed,
tested, and put into production: