Manualshelf

Security Management Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
31323334353637383940
Guardian System Security
Security Management Guide 522283-021
2 - 10
Disposition of Orphan Files
SUPER .PAT 255,015 NUNU $SPOOL.PAT
SUPER .ROBIN 255,200 AAAA $SPOOL.ROBIN
SUPER .SERVICE 255,253 NNNN $SPOOL.CEAIDS
SUPER .SPOOL 255,030 AAAA $SPOOL.SPOOLER
.
.
.
In the SECURITY column, you can see that SUPER.ROBIN and SUPER.SPOOL have
a default security setting that allows anyone on the local system to write to or purge
newly created files. An intruder might access these files to advantage. Similarly, the
user ID SUPER.SERVICE creates files that could be written to or purged by any
network user.
Examine the output of the USERS command. Or place the output in a text file and use
an editor’s column search feature to delete all lines where the default security is
acceptable. This method creates a list of users whose default security should be
revised.
Changing Default Security
Users can change their default security using the DEFAULT program. A user’s group
manager or the super ID can also change the user’s default security string. However,
the user’s group manager or the super ID must first log on as the user to change the
user’s default security. For example, after logging on as SUPER.ROBIN, the following
command changes the default security to NUNU for SUPER.ROBIN:
2> DEFAULT, "NUNU"
This change takes effect the next time SUPER.ROBIN logs on.
Disposition of Orphan Files
An orphan file is a file, other than a system file, owned by a nonexistent user. A file
becomes an orphan when the file owner leaves your organization, and you delete the
owner’s user ID. As long as the owner’s user ID does not exist, a properly secured
orphan file is not a security risk. However, a security problem can arise if you forget
about this file and later assign the user ID to someone else. The new user then owns
the orphan file and might acquire sensitive information from the previous owner.
To prevent the inheritance of sensitive files, use the Disk Space Analysis Program
(DSAP) to detect files that a user ID owns before you assign the user ID to a new user.
For example, before assigning the user ID 254,10 to a new user, enter a DSAP
command for each volume in the system to locate any files remaining from the
previous 254,10 user. To search the system volume ($SYSTEM):
3> DSAP $SYSTEM, USER 254,10, DETAIL
This display appears:
PAGE 0 DSAP -- $SYSTEM on \MYSYS -- ????????.???????? --