Security Management Guide (G06.24+, H06.03+)

Guardian System Security
Security Management Guide 522283-008
user's default security. For example, after logging on as SUPER.ROBIN, the following
command changes the default security to NUNU for SUPER.ROBIN:
2> DEFAULT, "NUNU"
This change takes effect the next time SUPER.ROBIN logs on.
Disposition of Orphan Files
An orphan file is a file, other than a system file, owned by a nonexistent user. A file
becomes an orphan when the file owner leaves your organization, and you delete the
owner’s user ID. As long as the owner’s user ID does not exist, a properly secured
orphan file is not a security risk. However, a security problem can arise if you forget
about this file and later assign the user ID to someone else. The new user then owns
the orphan file and might acquire sensitive information from the previous owner.
To prevent the inheritance of sensitive files, use the Disk Space Analysis Program
(DSAP) to detect files that a user ID owns before you assign the user ID to a new user.
For example, before assigning the user ID 254,10 to a new user, enter a DSAP
command for each volume in the system to locate any files remaining from the
previous 254,10 user. To search the system volume ($SYSTEM):
3> DSAP $SYSTEM, USER 254,10, DETAIL
This display appears:
PAGE 0 DSAP -- $SYSTEM on \MYSYS -- ????????.???????? --
Disc Space Analysis Program -- T9074Xnn - (ddMMMyy)
Summary of space use for ????????.???????? on $SYSTEM
No files allocated.
The output from DSAP shows that the user 254,10 does not own any files on
$SYSTEM, so the disk is free from any orphan files owned by that user. If DSAP finds
any files owned by the user ID in question, DSAP displays those files.
You must determine what to do about orphan files. Either delete them or use the FUP
GIVE operation to change their ownership to another user ID.
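The per-volume check described above can be made to fail closed, so that a volume nobody scanned blocks reuse of the user ID. This is an added example, not code from this guide or from the product: it builds the DSAP command for each volume and classifies captured displays by the "No files allocated." line. The volume names $DATA1 and $DATA2, the function names, and the placeholder display text are assumptions.

```python
import re

CLEAN_MARKER = "No files allocated."  # line the guide's display shows for a clean volume

def parse_user_id(user_id):
    """Validate a Guardian 'group,user' ID; each part must be 0-255."""
    m = re.fullmatch(r"\s*(\d{1,3})\s*,\s*(\d{1,3})\s*", user_id)
    if not m or any(int(p) > 255 for p in m.groups()):
        raise ValueError(f"not a valid group,user ID: {user_id!r}")
    return int(m.group(1)), int(m.group(2))

def dsap_commands(volumes, user_id):
    """One DSAP command per volume, in the form the guide shows."""
    group, user = parse_user_id(user_id)
    return [f"DSAP {vol}, USER {group},{user}, DETAIL" for vol in volumes]

def review(volumes, captured):
    """Map each volume to 'clean', 'needs-review' or 'not-checked'."""
    status = {}
    for vol in volumes:
        text = captured.get(vol, "")
        if not text.strip():
            status[vol] = "not-checked"   # fail closed: no display captured
        elif CLEAN_MARKER in text:
            status[vol] = "clean"
        else:
            status[vol] = "needs-review"  # delete the files or FUP GIVE them first
    return status

def safe_to_reassign(volumes, captured):
    """True only if every listed volume has a clean display on record."""
    return bool(volumes) and all(s == "clean" for s in review(volumes, captured).values())

# Constructed sample data: $DATA1 and $DATA2 are hypothetical volume names.
VOLUMES = ["$SYSTEM", "$DATA1", "$DATA2"]
CAPTURED = {
    "$SYSTEM": "Summary of space use for ????????.???????? on $SYSTEM\n"
               "No files allocated.\n",
    # Placeholder, not real DSAP detail output: stands for any display listing files.
    "$DATA1": "<display that lists one or more files>",
    # "$DATA2" deliberately missing: nobody ran the command on that volume.
}

if __name__ == "__main__":
    for cmd in dsap_commands(VOLUMES, "254,10"):
        print(cmd)
    for vol, state in review(VOLUMES, CAPTURED).items():
        print(f"{vol}: {state}")
    print("safe to reassign 254,10:", safe_to_reassign(VOLUMES, CAPTURED))
```

Any display that lacks the clean marker, including an error message, is treated as needing review rather than as clean.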
Optional Security Features
Guardian settings allow you to alter the behavior of the TACL and PASSWORD
programs. These features include blind logon, blind password changes, password
encryption, automatic logoff for idle terminals, and other features that vary with the
product version. For more information, see the TACL Reference Manual.