Manualshelf

Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Guardian System Security
Security Management Guide522283-008
2-19
Controlling the Super ID
Without special mechanisms provided by the Safeguard software, the super ID has
unlimited access to all resources on a local system. For example, a user logged on as
the super ID could:
Log on as any other user ID without knowing that user’s password
Read, write, execute, or purge any file
Bring up or take down any device
The special abilities of the super ID on one system do not extend to another system. A
user logged on to a local system as the super ID is not accorded super ID privileges on
a remote system.
Controlling the Super ID
The control you place on using the super ID depends on the importance given to
security in your organization. Some suggestions mentioned here might not be
appropriate for all installations.
You can limit knowledge of the super ID password to the security administrator and to
the one or two people who handle emergencies. Change the password frequently, and
keep the only written copy under lock and key.
Where greater security is needed, take additional measures such as the ones that
follow.
Dual Custody of the Super ID Password
The security administrator can give half of the password to one person and the other
half to another. Then when an emergency arises, two users are required to log on as
the super ID. Accountability for any subsequent actions should be shared by these two
users.
Recovering the Super ID
If the super ID is deleted from the system, there are ways to recover it.
If no CIIN file was specified when the system was generated, you can perform a
system load from the system console. The system console operator becomes the
super ID and can then add the super ID to the USERID file.
If a CIIN file was specified when the system was generated, you must perform a
system load from a tape. The USERID file on the tape contains an entry for the super
ID.
Operating Without the Super ID
The super ID is needed only to perform critical tasks and to handle emergencies.
These tasks are listed in Tasks That Require the Super ID on page 2-21. However, the