Security Management Guide (G06.29+, H06.08+, J06.03+)

Guardian System Security
Security Management Guide 522283-021
Managing the Super ID
The super ID is user ID 255,255. Managing its use is crucial to protecting a NonStop
system because the super ID bypasses the protective restrictions that the operating
system applies to other users. In general, the less you rely on the super ID, the more
secure your system is.
Abilities of the Super ID
The super ID is used to set up a system initially and to resolve system emergencies.
It is not intended for routine operational use.
Without special mechanisms provided by the Safeguard software, the super ID has
unlimited access to all resources on a local system. For example, a user logged on as
the super ID could:
- Log on as any other user ID without knowing that user’s password
- Read, write, execute, or purge any file
- Bring up or take down any device
The special abilities of the super ID on one system do not extend to another system. A
user logged on to a local system as the super ID is not accorded super ID privileges on
a remote system.
Controlling the Super ID
The control you place on using the super ID depends on the importance given to
security in your organization. Some suggestions mentioned here might not be
appropriate for all installations.
You can limit knowledge of the super ID password to the security administrator and to
the one or two people who handle emergencies. Change the password frequently, and
keep the only written copy under lock and key.
Where greater security is needed, take additional measures such as the ones that
follow.
Dual Custody of the Super ID Password
The security administrator can give half of the password to one person and the other
half to another. Then when an emergency arises, two users are required to log on as
the super ID. Accountability for any subsequent actions should be shared by these two
users.
Recovering the Super ID
If the super ID is deleted from the system, there are ways to recover it.