Manualshelf

Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Guardian System Security
Security Management Guide522283-008
2-20
Operating Without the Super ID
following tasks, often associated with the super ID, can be performed by operators and
other users with proper access authorities.
In the following subsections and throughout this manual, super-group user means a
user whose administrative group is group number 255; that is, one whose user ID is
255,n.
However, if all members of group 255 are granted an authority based on the evaluation
of a Safeguard access control list or a Guardian security string, any file-sharing
members of group 255 are also granted the authority.
Controlling the Spooler
The control of spooler operation through the SPOOLCOM program requires only that
the user be logged on as a super-group user and have EXECUTE authority to the
SPOOLCOM program.
Bringing Up and Taking Down Devices
The control of devices using the PUP program requires only that the user be logged on
as a super-group user and have EXECUTE authority to the PUP program.
Backing Up the System
You can give super-group users EXECUTE authority to a PROGID copy of the backup
program with PROGID set to the super ID. (Be sure to update this copy of BACKUP
when you install a new version of the standard BACKUP program.) In this instance,
file-sharing super-group users also receive EXECUTE authority.
Because the USERID file can be backed up, a copy of it can be restored to a user
other than the original owner. This user then has access to the passwords kept in the
USERID file. If those passwords are encrypted, they cannot be compromised.
Passwords can be encrypted through the PASSWORD options mentioned in Optional
Security Features on page 2-11.
Starting and Stopping TMF
To start or stop HP NonStop Transaction Management Facility (TMF) requires only that
the user be logged on as a super-group user and have execute access to TMFCOM.
To clear the TMF configuration or the TMF catalog (through DELETE TMF or DELETE
CATALOG) requires that the user be logged on as the super ID.
Setting the Time
Setting the system time (through the SETTIME command) requires only that the user
be logged on as a super-group user.