Security Management Guide (G06.29+, H06.08+, J06.03+)

Safeguard System Security
Security Management Guide 522283-021
3 - 14
Because the Guardian string grants everyone READ and EXECUTE authority, the
owner (8,141) is implicitly granted these authorities. The Guardian string also
grants the owner WRITE and PURGE authority. Therefore, specify an entry
granting the owner all four authorities: READ, WRITE, EXECUTE, and PURGE.
Because the Guardian environment allows a file owner to change the security of a
file, you might also want to grant OWNER authority, as in this example. This
strategy allows the owner to change the security attributes for the file. Again, your
policy should state whether users can control the security of their files.
Reconsider the Settings
After converting Guardian strings to Safeguard access control lists, reconsider the
settings. Possibly the original security string was convenient and functional, but you
might be able to restrict access to a greater level of detail now that the file is controlled
by an access control list. For example, if two groups need access to the file, the
original Guardian string would have to give everyone access. However, with a
Safeguard access control list, you can specify only the two groups that need access.
Testing Access Control Lists
You can test access control lists in a special state of Safeguard operation called
warning mode. In this special mode, the Safeguard software allows access to any
object that has an access control list even if the access control list does not grant
access. Instead of denying such access attempts, the Safeguard software creates
audit records of them. By examining these audit records, you can check the
effectiveness of your access control lists before implementing them in a production
environment. For details about warning mode, refer to the Safeguard Administrator’s
Manual.
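The two steps above, converting a Guardian security string into an explicit Safeguard-style access control list and then exercising that list in warning mode, modelled as an added Python illustration (not HP's code). It assumes the standard Guardian RWEP letter meanings (A/N any user, G/C the owner's group, O/U the owner, "-" the super ID; network variants are flattened to their local form) and represents an ACL as a dictionary from a (group, user) specification to a set of authorities.

```python
# Constructed model of Guardian-string-to-ACL conversion and warning-mode checks.
SUPER_ID = (255, 255)
AUTHORITIES = "RWEP"      # the four positions of a Guardian security string

def _matches(spec, user):
    """True when an ACL user specification (with '*' wildcards) covers a user id."""
    return all(s == "*" or s == u for s, u in zip(spec, user))

def guardian_to_acl(security_string, owner):
    """Translate a 4-character Guardian string into ACL entries.
    Returns {user_spec: set_of_authorities}. The owner always receives an
    explicit entry carrying everything the string granted it, plus O
    (ownership) so that it can still change the file's security."""
    if len(security_string) != 4:
        raise ValueError("Guardian security string must be exactly RWEP")
    group, _ = owner
    acl = {}
    for authority, letter in zip(AUTHORITIES, security_string.upper()):
        if letter in "AN":          # any user (local / network)
            spec = ("*", "*")
        elif letter in "GC":        # members of the owner's group
            spec = (group, "*")
        elif letter in "OU":        # the owner only
            spec = owner
        elif letter == "-":         # super ID only
            spec = SUPER_ID
        else:
            raise ValueError(f"unknown Guardian security letter {letter!r}")
        acl.setdefault(spec, set()).add(authority)
    # Make the owner's implicit authorities (e.g. everyone's R and E) explicit.
    acl.setdefault(owner, set()).add("O")
    for spec, auths in acl.items():
        if spec != owner and _matches(spec, owner):
            acl[owner] |= auths
    return acl

def check_access(acl, user, authority, warning_mode=False):
    """Evaluate one access attempt against an ACL.
    Returns (granted, audit_record). Outside warning mode a request the ACL
    does not cover is denied; in warning mode it is still granted, but an
    audit record is produced so the ACL can be reviewed before enforcement."""
    allowed = any(_matches(spec, user) and authority in auths
                  for spec, auths in acl.items())
    if allowed:
        return True, None
    record = {"user": user, "authority": authority,
              "outcome": "WARNING" if warning_mode else "DENIED"}
    return warning_mode, record
```

Running the same set of access attempts with `warning_mode=True` and collecting the returned records gives the list of requests the new ACL would have refused, which is exactly what the audit trail is examined for.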
Securing Critical Objects
Nonprivileged users can secure several system objects, in particular processes,
subprocesses, subvolumes, and disk files. Secure all critical objects of these types
before a nonprivileged user has a chance to secure them, or restrict the ability to
secure these types of objects by creating OBJECTTYPE authorization records.
Securing Disk Files
Secure system files that HP supplies. These files reside in the $SYSTEM.SYSTEM
subvolume and in the $SYSTEM.SYSnn subvolume. The type of access required
varies depending on the type of file. Programs such as PASSWORD, TEDIT, and
TACL need to be used by most users, while programs such as SCF need to be used
primarily by the operations staff.
System files are generally owned by the super ID (255,255). To minimize the power of
the super ID, you might want to transfer ownership of system files to an existent but
frozen user. The security administrator or another trusted member of the security staff