Security Management Guide (G06.29+, H06.08+, J06.03+)
Concerns for the System Administration Team
Security Management Guide — 522283-021
6 - 5
Group-Manager User IDs
Group-Manager User IDs
Member 255 of any administrative group is a group-manager ID. For example, user ID
8,255 is the group-manager ID of group number 8. As group manager for group
number 8, member 255 has the authority to:
Log on as any user whose administrative group is group number 8 without knowing
that user’s password (unless the Safeguard PASSWORD-REQUIRED option is
set)
Create new users whose administrative group is group number 8 (unless the
Safeguard OBJECTTYPE USER protection record has been defined otherwise)
Delete the user authentication records for users whose administrative group is
group number 8 (unless those group members are owned by other users through
Safeguard commands)
Manage the Safeguard user authentication records for users whose administrative
group is group number 8 (by default)
As with any user IDs that have access to privileged operations, group-manager IDs
should be given only to users who can be properly responsible.
In some environments, you might not use group-manager IDs because the privileges of
a group-manager ID make it a likely target of attack.
Anonymous or Guest User IDs
Avoid providing anonymous or guest user IDs because of the increased security risk. If
you must provide a guest user ID, consider these points:
A user ID that has a published password is a security risk. Be sure the advantages
outweigh the disadvantages.
Keep the user ID as unprivileged as possible. For example, the guest user ID
should not appear on the Safeguard access control list for any critical object. Also,
the guest user ID should not be a group manager ID or a member of the super
group.
Keep the guest user ID in a distinct group so that the guest user cannot access
files in other groups that are secured for group access.
Because outside intruders often look for guest user IDs as an easy way to access
a system, be sure that the guest user ID does not have an obvious user name and
password (for example, a user name of GUEST.GUEST with a password of
GUEST).
The guest user ID should not be the user ID 0,0 or 0,255. These IDs can stop all
TACL processes not logged on (unless a Safeguard protection record has
restricted the ability to stop such processes).