Security Management Guide (G06.24+, H06.03+), 522283-008
OSS System Security
The following example illustrates creating the directory /home/dandy in the OSS
environment and then assigning that directory as the initial working directory for the
user PROG.DAN.
In the OSS environment, issue the following command to create the directory:
$ mkdir /home/dandy
Make sure that PROG.DAN owns the directory and has read, write, and execute (search) permission on it.
In SAFECOM, execute the following command to specify the directory as the initial
directory for PROG.DAN:
=ALTER USER PROG.DAN, INITIAL-DIRECTORY /home/dandy
Similarly, you can specify the user’s initial program and initial program type by using
SAFECOM USER commands.
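The procedure above, gathered into one check that can be run before issuing the SAFECOM ALTER USER command. This is an added example, not code from the guide: it assumes only POSIX sh, ls and id, which OSS provides, and the usage comment assumes that, as on other POSIX systems with restricted chown, only the super ID can hand the directory to PROG.DAN. The function name check_initial_dir is this example's own.

```shell
#!/bin/sh
# Added example: pre-flight check for an OSS user's initial directory.
# Not from the guide. Assumes only POSIX sh, ls -ld/-ldn and id, which
# OSS provides; the owner name is whatever ls prints on the platform
# (PROG.DAN on OSS, a login name elsewhere).

# check_initial_dir DIR OWNER
#   OWNER may be a name (PROG.DAN) or a numeric user ID.
#   Returns 0 if DIR exists, is owned by OWNER, OWNER has rwx on it, and
#   neither group nor others can write to it; otherwise prints the
#   reason to stderr and returns 1.
check_initial_dir() {
    dir=$1
    want_owner=$2

    if [ ! -d "$dir" ]; then
        echo "check_initial_dir: $dir is not a directory" >&2
        return 1
    fi

    # ls -ld prints: mode links owner group size date... name
    # -n prints numeric IDs, used when a numeric OWNER was given.
    case "$want_owner" in
        *[!0-9]*) set -- $(ls -ld "$dir") ;;
        *)        set -- $(ls -ldn "$dir") ;;
    esac
    mode=$1
    owner=$3

    if [ "$owner" != "$want_owner" ]; then
        echo "check_initial_dir: $dir is owned by $owner, not $want_owner" >&2
        return 1
    fi

    # mode is d + owner rwx + group rwx + other rwx, e.g. drwx------
    case "$mode" in
        drwx*) ;;
        *)  echo "check_initial_dir: owner lacks rwx on $dir ($mode)" >&2
            return 1 ;;
    esac

    # A group- or world-writable initial directory lets other users plant
    # files there, such as the startup script the owner's shell reads at
    # login, so refuse it.
    case "$mode" in
        d????w*|d???????w*)
            echo "check_initial_dir: $dir is writable by group or others ($mode)" >&2
            return 1 ;;
    esac
    return 0
}

# Usage, following the page's example (the chown is assumed to need the
# super ID, the usual POSIX restriction on changing a file's owner):
#   mkdir /home/dandy
#   chown PROG.DAN /home/dandy
#   chmod 700 /home/dandy
#   check_initial_dir /home/dandy PROG.DAN && echo "ready for SAFECOM ALTER USER"
```

Run the check as the user who will issue the SAFECOM command; a failure tells you which of the three requirements (existence, ownership, permissions) is not yet met.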
A user’s primary group is defined in the user-authentication record for that user. When
an OSS file is created, the file’s group is set to the primary group of the user who
created it, so the group portion of the file permissions applies to members of that group.
If a PRIMARY-GROUP attribute is not specified when a user-authentication record is
defined, that attribute is set to the user’s administrative group. For example, assume
that no primary group was specified for PROG.DAN. Therefore, Dan’s administrative
group, PROG, is his primary group. To assign PROG.DAN to a different primary group,
Test3, enter the following SAFECOM command:
=ALTER USER PROG.DAN, PRIMARY-GROUP Test3
The group permissions for OSS files created by PROG.DAN now refer to the group
Test3, so members of Test3 get the access that those group permissions grant to Dan’s
files. If necessary, after PROG.DAN creates a file he can use the chgrp command to
change the file’s group to another group in his group list, so that the file’s group
permissions apply to that group instead.
File-Sharing Groups
File-sharing groups are particularly important in the OSS environment. Each user has a
group list that contains the names of all groups to which that user belongs. When the
user attempts to access a file, the file’s group permissions are granted to that user if
the user’s group list includes the name of the file’s group. If the file’s group does not
appear on the user’s group list, the group permissions are denied, and the user is
granted the permissions specified for all other users.
File-sharing groups are created and managed by using SAFECOM GROUP
commands.
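The group-list rule above, together with the primary-group and chgrp behaviour described earlier, as a runnable decision procedure. This is an added example, not code from the guide; effective_perms and effective_perms_for are names chosen here, and the users and groups in the worked cases are constructed. It also spells out one point the rule above leaves implicit: the owner’s permissions are checked first, so a user who owns a file never falls through to the group or other permissions, even when those would be more permissive.

```shell
#!/bin/sh
# Added example: which permission triplet OSS applies to a given user.
# Not from the guide. effective_perms works on plain strings, so it runs
# anywhere; every name in the worked cases (PROG.DAN, PROG.JOE, Test3,
# SUPER.SUE) is constructed for this demonstration.

# effective_perms MODE FILE_OWNER FILE_GROUP USER "GROUP LIST"
#   MODE is the nine rwx characters that follow the file-type character
#   in ls -l output, e.g. rw-r-----. Prints "CLASS rwx", where CLASS is
#   owner, group or other. Exactly one class applies, in this order:
#   the owner triplet if USER owns the file, else the group triplet if
#   FILE_GROUP appears anywhere on USER's group list (it need not be the
#   primary group), else the triplet for all other users.
effective_perms() {
    mode=$1 fowner=$2 fgroup=$3 user=$4 grouplist=$5
    owner_bits=$(printf '%s' "$mode" | cut -c1-3)
    group_bits=$(printf '%s' "$mode" | cut -c4-6)
    other_bits=$(printf '%s' "$mode" | cut -c7-9)

    if [ "$user" = "$fowner" ]; then
        echo "owner $owner_bits"
        return 0
    fi
    for g in $grouplist; do
        if [ "$g" = "$fgroup" ]; then
            echo "group $group_bits"
            return 0
        fi
    done
    echo "other $other_bits"
}

# effective_perms_for FILE [USER]: the same decision for a real file,
# taking numeric IDs from ls -ldn and id so it does not depend on name
# lookups. USER defaults to the caller.
effective_perms_for() {
    file=$1 user=${2:-}
    set -- $(ls -ldn "$file")     # mode links uid gid size date... name
    effective_perms "$(printf '%s' "$1" | cut -c2-10)" "$3" "$4" \
        "$(id -u $user)" "$(id -G $user)"
}

# Worked cases, following the page: PROG.DAN's primary group is Test3,
# so a file he creates with mode rw-r----- (640) gets group Test3.
#   effective_perms rw-r----- PROG.DAN Test3 PROG.DAN "PROG Test3"   # owner rw-
#   effective_perms rw-r----- PROG.DAN Test3 PROG.JOE "PROG Test3"   # group r--
#   effective_perms rw-r----- PROG.DAN Test3 SUPER.SUE "SUPER"       # other ---
# After "chgrp PROG report.txt" (allowed because PROG is on Dan's group
# list), PROG.JOE would be evaluated against group PROG instead.
```

The third case is the one the rule above describes: SUPER.SUE is not in Test3, so the group bits are never consulted and she gets only the permissions for all other users.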
Volume Create Authority
Each time an OSS file is created, the Safeguard software checks whether a Safeguard
volume-protection record exists for the physical volume on which the file is to reside. If
such a volume-protection record exists, the user creating the file must have create