Security Management Guide (G06.29+, H06.08+, J06.03+)
Guardian System Security
Security Management Guide — 522283-021
2 - 4
Guardian File Security
The Guardian security specifier is a four-character string. Each position in the string
sets the security for one of four disk file operations:
RWEP
The first position (R) specifies who can read the file.
The second position (W) specifies who can write to the file.
The third position (E) specifies who can execute the file.
The fourth position (P) specifies who can purge the file.
In each position, users can specify one of the seven codes shown in Table 2-2 to
determine who can perform the associated operation.
For example, a security string of AOAO specifies that any local user (A) can read and
execute the file, but only the owner on the local system (O) can write to or purge the
file. For more information about setting and changing the security string, see
Guardian Security on page 7-9.
Users can issue the WHO command to display their current default file-security string.
This default security string applies to all files a user creates. Users can change their
default file-security string with the DEFAULT program. Under normal circumstances,
the new default file-security string does not take effect until the next time the user logs
on. For the change to take effect immediately, the user must enter a VOLUME
command with no parameters.
Both the FILEINFO command and the FUP INFO command display security strings for
individual files or all files in a subvolume. Users can change the security of files they
own using the FUP SECURE command.
Table 2-2. Guardian Disk-File Security Settings
Code  Access
O     Only the owner of the file on the local system can perform the designated operation.
U     Only the owner of the file on the local system or on the network can perform the designated operation.
G     Any member of the owner’s group on the local system can perform the designated operation. Also, any local user whose (file-sharing) group list includes the owner’s group can perform the operation.
C     Any member of the owner’s group, either on the local system or on the network, can perform the designated operation. Also, any local or network user whose (file-sharing) group list includes the owner’s group can perform the operation.
A     Any user on the local system can perform the designated operation.
N     Any user on the local system or on the network can perform the designated operation.
-     Only the local super ID can perform the designated operation.
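
The RWEP positions and the codes in Table 2-2, worked through as an added Python example (not code from this guide or from any NonStop utility): it evaluates one request against a security string and reviews a list of strings for network exposure. The Requester model, the (group, member) owner pair, the rule that the local super ID passes every code, and the sample file names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

OPS = "RWEP"  # read, write, execute, purge: one string position each

@dataclass
class Requester:  # hypothetical model of the user asking for access
    group: int
    member: int
    local: bool = True  # False = the request arrives over the network
    group_list: set = field(default_factory=set)  # file-sharing groups
    super_id: bool = False

def parse(sec):
    """Split a security string such as 'AOAO' into {operation: code}."""
    if len(sec) != 4 or any(c not in "OUGCAN-" for c in sec):
        raise ValueError(f"invalid security string: {sec!r}")
    return dict(zip(OPS, sec))

def allowed(sec, op, owner, req):
    """Apply Table 2-2 to one operation; owner is a (group, member) pair."""
    code = parse(sec)[op]
    if req.super_id and req.local:
        return True  # assumption: the local super ID passes every code
    if code == "-":
        return False
    is_owner = (req.group, req.member) == owner
    in_group = req.group == owner[0] or owner[0] in req.group_list
    who = {"O": is_owner, "U": is_owner, "G": in_group, "C": in_group,
           "A": True, "N": True}[code]
    # O, G and A stop at the local system; U, C and N extend to the network
    return who and (req.local or code in "UCN")

def audit(files):
    """Review constructed (file name, security string) pairs."""
    findings = []
    for name, sec in files:
        for op, code in parse(sec).items():
            if code in "UCN":
                findings.append((name, op, "network access"))
            if op in "WP" and code in "AN":
                findings.append((name, op, "any user can modify"))
    return findings

# Constructed sample data, not output of FILEINFO or FUP INFO
SAMPLE = [("DATA1", "NUNU"), ("PROG", "AOAO"), ("LOG", "AAAA")]
```

For the AOAO string used earlier, allowed("AOAO", "W", (10, 5), Requester(20, 1)) is False, while the same call with "R" is True.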