Security Management Guide (G06.24+, H06.03+)

Security Management Guide 522283-008
4 OSS System Security
This section describes the security features relevant if you are working in the OSS
environment. Also review Section 2, Guardian System Security, and Section 3,
Safeguard System Security, because some Guardian and Safeguard security features
apply to the OSS environment. In particular, the Safeguard software must be used to
add and manage users who will work in the OSS environment.
All users must log on through the Guardian environment. To enter the OSS
environment after logging on, a user enters the osh command as described in the
Open System Services User’s Guide.
Interoperability With Safeguard Security
Safeguard security features affect your use of the OSS environment in the following
ways:
• All system users are added and managed by using SAFECOM USER commands.
• All user aliases are added and managed by using SAFECOM ALIAS commands.
• All file-sharing groups are added and managed by using SAFECOM GROUP commands.
• Safeguard volume protection records can control who is authorized to create disk files on specific disk volumes.
• Safeguard process-protection records can control who is authorized to use specific process names.
Safeguard access control lists cannot be used to protect OSS files. Access to an OSS
file is controlled by the OSS file-permission bits and the access control lists that are
supported by the OSS file system. For more information, see Permission Codes on page 4-3.
User Administration
Authentication records for all system users, including those who work in the OSS
environment, must be added and managed by using SAFECOM USER commands.
Some attributes defined in a user-authentication record apply exclusively to the OSS
environment. These attributes include the user’s primary group, initial working
directory, initial program, and initial program type.
A user’s initial working directory in the OSS environment is specified by the
INITIAL-DIRECTORY attribute in the authentication record for that user. The initial directory is
where the user is placed in the OSS environment when the osh command is executed.
Note. The OSS access control lists are supported only on systems running G06.29 and later
G-series RVUs and H06.08 and later H-series RVUs.