Manualshelf

Security Management Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
51525354555657585960
Guardian System Security
Security Management Guide 522283-021
2 - 23
Tasks That Require the Super ID
Starting and Stopping TMF
To start or stop HP NonStop Transaction Management Facility (TMF) requires only that
the user be logged on as a super-group user and have execute access to TMFCOM.
To clear the TMF configuration or the TMF catalog (through DELETE TMF or DELETE
CATALOG) requires that the user be logged on as the super ID.
Setting the Time
Setting the system time (through the SETTIME command) requires only that the user
be logged on as a super-group user.
Controlling Applications
The requirements for controlling an application are determined by the application itself.
Running INSTALL
Normally the super ID is required to perform a system installation or update.
However, if the INSTALL program has PROGID set to the super ID, other users can
run INSTALL. Secure INSTALL so only the super-group user has EXECUTE authority.
In this instance, file-sharing super-group users also receive EXECUTE authority.
Running and Starting Other Programs
Several programs that normally can be run by only the super ID can be run by other
users if the programs are licensed. For example, DCOM, SCP, ZSERVER, and OSMP
fall into this category. If these programs are licensed, be sure only the super-group
user has EXECUTE authority. In this instance, file-sharing super-group users also
receive EXECUTE authority.
Often, the super ID is used for programs, such as PEEK and DIVER, are restricted to
the super-group user
. Also, privileged commands in programs such as TAPECOM and
SPOOLCOM can be issued by super-group users.
Tasks That Require the Super ID
Although the super ID is not required for day-to-day operations, some situations
require the super ID.
Licensing a Program
Only the super ID can license a program containing privileged instructions. For
example, PUP (Peripheral Utility Program) must be licensed to allow super-group
users to use it for routine operating tasks such as bringing up and taking down devices.
Because granting a license to a program can defeat the protection provided by the
operating system, only trusted programs should be licensed. Only the super ID can
revoke the license on a program.