Security Management Guide (G06.29+, H06.08+, J06.03+)
Guardian System Security
Security Management Guide — 522283-021
2 - 22
If no CIIN file was specified when the system was generated, you can perform a
system load from the system console. The system console operator becomes the
super ID and can then add the super ID to the USERID file.
If a CIIN file was specified when the system was generated, you must perform a
system load from a tape. The USERID file on the tape contains an entry for the super
ID.
Operating Without the Super ID
The super ID is needed only to perform critical tasks and to handle emergencies.
These tasks are listed in Tasks That Require the Super ID on page 2-23. However, the
following tasks, often associated with the super ID, can be performed by operators and
other users with proper access authorities.
In the following subsections and throughout this manual, super-group user means a
user whose administrative group is group number 255; that is, one whose user ID is
255,n.
However, if all members of group 255 are granted an authority based on the evaluation
of a Safeguard access control list or a Guardian security string, any file-sharing
members of group 255 are also granted the authority.
Controlling the Spooler
The control of spooler operation through the SPOOLCOM program requires only that
the user be logged on as a super-group user and have EXECUTE authority to the
SPOOLCOM program.
Bringing Up and Taking Down Devices
The control of devices using the PUP program requires only that the user be logged on
as a super-group user and have EXECUTE authority to the PUP program.
Backing Up the System
You can give super-group users EXECUTE authority to a PROGID copy of the backup
program with PROGID set to the super ID. (Be sure to update this copy of BACKUP
when you install a new version of the standard BACKUP program.) In this instance,
file-sharing super-group users also receive EXECUTE authority.
Because the USERID file can be backed up, a copy of it can be restored to a user
other than the original owner. This user then has access to the passwords kept in the
USERID file. If those passwords are encrypted, they cannot be compromised.
Passwords can be encrypted through the PASSWORD options mentioned in Optional
Security Features on page 2-11.