Manualshelf

Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Guardian System Security
Security Management Guide522283-008
2-21
Tasks That Require the Super ID
Controlling Applications
The requirements for controlling an application are determined by the application itself.
Running INSTALL
Normally the super ID is required to perform a system installation or update.
However, if the INSTALL program has PROGID set to the super ID, other users can
run INSTALL. Secure INSTALL so only the super-group user has EXECUTE authority.
In this instance, file-sharing super-group users also receive EXECUTE authority.
Running and Starting Other Programs
Several programs that normally can be run by only the super ID can be run by other
users if the programs are licensed. For example, DCOM, SCP, ZSERVER, and OSMP
fall into this category. If these programs are licensed, be sure only the super-group
user has EXECUTE authority. In this instance, file-sharing super-group users also
receive EXECUTE authority.
Often, the super ID is used for programs, such as PEEK and DIVER, are restricted to
the super-group user. Also, privileged commands in programs such as TAPECOM and
SPOOLCOM can be issued by super-group users.
Tasks That Require the Super ID
Although the super ID is not required for day-to-day operations, some situations
require the super ID.
Licensing a Program
Only the super ID can license a program containing privileged instructions. For
example, PUP (Peripheral Utility Program) must be licensed to allow super-group
users to use it for routine operating tasks such as bringing up and taking down devices.
Because granting a license to a program can defeat the protection provided by the
operating system, only trusted programs should be licensed. Only the super ID can
revoke the license on a program.
For more information, see Licensing Programs on page 2-22.
Setting PROGID to Super ID
The super ID must set PROGID for programs that need to run under the super ID.
Examples of this strategy are given for BACKUP and INSTALL earlier in this section.
For more information, see PROGID Programs on page 2-26.