Security Management Guide (G06.24+, H06.03+)
Safeguard System Security
Security Management Guide—522283-008
Emulating Guardian Security Strings
If you want Guardian files protected by Safeguard access control lists, but you want to
keep the access equivalent to the Guardian settings, you can emulate these security
settings with the Safeguard software. For example, you can create a Safeguard access
control list to emulate the Guardian security string of AOAO.
Table 3-1 lists the equivalent access control list representations for Guardian security
settings. The user ID 8,141 is used as an example.
Example
Using the user ID 8,141 as an example, you would translate the Guardian security
string AOAO to the following Safeguard access control list:
8,141 R,W,E,P, O
*,* R, E
The logic behind this translation is as follows:
• The Guardian string grants READ and EXECUTE authority to anyone on the
  system; hence the second access control list entry.
• Because the Guardian string grants everyone READ and EXECUTE authority, the
  owner (8,141) is implicitly granted these authorities. The Guardian string also
  grants the owner WRITE and PURGE authority. Therefore, specify an entry
  granting the owner all four authorities: READ, WRITE, EXECUTE, and PURGE.
• Because the Guardian environment allows a file owner to change the security of a
  file, you might also want to grant OWNER authority, as in this example. This
  strategy allows the owner to change the security attributes for the file. Again, your
  policy should state whether users can control the security of their files.
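
The translation logic above, generalized from AOAO to any four-character Guardian string, as an added example that is not part of the guide or of the Safeguard software. The function name guardian_to_acl, the grant_owner switch, and the ADMITTED_BY inclusion table are assumptions derived from the setting descriptions in Table 3-1; the output is a plain list of entries, not SAFECOM command syntax.

```python
# Added example: Guardian security string -> Safeguard-style ACL entries.
# Subject pattern per Guardian setting, from Table 3-1 ({g},{m} = owner's user ID).
SUBJECT = {
    "O": "{g},{m}", "G": "{g},*", "A": "*,*",
    "U": "\\*.{g},{m}", "C": "\\*.{g},*", "N": "\\*.*,*",
    "-": "255,255",
}
# Assumption: a setting admits a subject when it covers every user the subject
# matches (for example A and N both cover the local owner).
ADMITTED_BY = {
    "O": "OGAUCN", "G": "GACN", "A": "AN",
    "U": "UCN", "C": "CN", "N": "N", "-": "-AN",
}
AUTHORITIES = "RWEP"  # string positions: READ, WRITE, EXECUTE, PURGE


def guardian_to_acl(sec, group, member, grant_owner=True):
    """Return [(subject, authorities)] emulating a 4-character Guardian string."""
    sec = sec.upper()
    if len(sec) != 4 or any(c not in SUBJECT for c in sec):
        raise ValueError("expected 4 characters from O G A U C N -: %r" % sec)
    # One entry per setting used in the string, narrowest subject first.
    wanted = [s for s in SUBJECT if s in sec]
    if grant_owner and "O" not in wanted:
        wanted.insert(0, "O")  # OWNER authority needs an owner entry
    acl = []
    for s in wanted:
        # Each entry carries every authority its users hold under the string,
        # including those granted through a broader setting.
        auths = [a for a, setting in zip(AUTHORITIES, sec)
                 if setting in ADMITTED_BY[s]]
        if s == "O" and grant_owner:
            auths.append("O")
        acl.append((SUBJECT[s].format(g=group, m=member), ",".join(auths)))
    return acl


if __name__ == "__main__":
    for subject, auths in guardian_to_acl("AOAO", 8, 141):
        print("%-10s %s" % (subject, auths))
```
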
Reconsider the Settings
After converting Guardian strings to Safeguard access control lists, reconsider the
settings. Possibly the original security string was convenient and functional, but you
might be able to restrict access to a greater level of detail now that the file is controlled

Table 3-1. Safeguard Equivalents for Guardian Security Strings

Guardian Setting        Safeguard Access Control List Equivalent
O (local owner)         8,141
G (local group)         8,*
A (any local user)      *,*
U (network owner)       \*.8,141
C (network group)       \*.8,*
N (any user)            \*.*,*
- (local super ID)      255,255