Security Management Guide (G06.29+, H06.08+, J06.03+)
Guardian System Security
Security Management Guide — 522283-021
Identifying System Users
Each system user has a unique user name and user ID. A user name is in the form:
group-name.member-name
where group-name is the name of the administrative group to which the user belongs
and member-name identifies the individual user within the group.
A user ID is a pair of integers in the form:
group-number,member-number
where group-number identifies the user’s administrative group and member-number
identifies the user within the group. Each integer is in the range 0 through 255.
All user names and user IDs are kept in a system file. During a logon procedure, the
system checks this file to ensure that the user name in the LOGON command is valid
and that the correct password is supplied if required.
In addition to the user name and user ID, a user can also be assigned aliases. User
aliases can only be defined using the Safeguard software as described in Assigning
User Aliases on page 3-11.
Adding System Users
When a new system is initialized, only two users exist:
The super ID with the user name SUPER.SUPER and the user ID 255,255
A null user with the user name NULL.NULL and the user ID 0,0
With the ADDUSER program or the Safeguard ADD USER command, the super ID
user creates new administrative groups and adds new users to these groups. After
being added by the super ID user, a group manager (user ID n,255) can also add new
users to the administrative group with the group number n. For each new user, a user
name and corresponding user ID must be specified.
As many as 256 administrative groups with a maximum of 256 users in each group can
be created for each system.
After a new user is established, the user can log on with the TACL LOGON command
to gain access to the system.
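The user ID format and the add-user rule described above, modeled as an added example (not code from this guide or from the NonStop software). The function names and the sample user list are constructed, and the check covers only the rule as stated in this section, not any Safeguard configuration.

```python
from typing import NamedTuple

class UserId(NamedTuple):
    group: int
    member: int

def parse_user_id(text: str) -> UserId:
    """Parse 'group-number,member-number'; each integer must be 0 through 255."""
    parts = [p.strip() for p in text.split(",")]
    if len(parts) != 2 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"expected group-number,member-number: {text!r}")
    group, member = int(parts[0]), int(parts[1])
    if group > 255 or member > 255:
        raise ValueError(f"user ID out of range 0 through 255: {text!r}")
    return UserId(group, member)

def role(uid: UserId) -> str:
    """Classify a user ID by the special values named in this section."""
    if uid == (255, 255):
        return "super ID"
    if uid == (0, 0):
        return "null user"
    if uid.member == 255:
        return "group manager"      # user ID n,255
    return "member"

def may_add_user(actor: UserId, new_user: UserId) -> bool:
    """The super ID adds users to any group; manager n,255 only to group n."""
    if role(actor) == "super ID":
        return True
    return role(actor) == "group manager" and actor.group == new_user.group

# Constructed sample of (user name, user ID) pairs for an account review.
SAMPLE_USERS = [
    ("SUPER.SUPER", "255,255"),
    ("NULL.NULL", "0,0"),
    ("OPS.MANAGER", "12,255"),
    ("OPS.ALICE", "12,7"),
    ("DEV.BOB", "40,3"),
]

def notable_accounts(users):
    """Return (name, role) for every account that is not an ordinary member."""
    roles = [(name, role(parse_user_id(uid))) for name, uid in users]
    return [(name, r) for name, r in roles if r != "member"]

if __name__ == "__main__":
    for name, r in notable_accounts(SAMPLE_USERS):
        print(f"{name:12} {r}")
```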
Guardian File Security
The Guardian environment provides a basic level of security for all disk files. Each
Guardian disk file has an owner and a file-security string. The creator of the file is the
initial owner of the file. When a user creates a file, it is automatically given the default
security string defined for the user. Individual users can change their default security
string or specify a different security string for an individual file. In addition, a user can
transfer ownership of a file to another user.