SeeView Server Gateway (SSG) Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

111

112

113

114

115

116

117

118

119

120

SSG Commands

HP NonStop SeeView Server Gateway (SSG) Manual—526356-004

4-11

SET Command

•

If SSGCONFSEARCH is ON, the commands are located in the user's

SSGCONF file, and that file is owned by the SUPER group

•

If the command is entered interactively by a user logged on with SUPER

group authority

If SECURERESTRICT is ON and none of the preceding statements are true,

the SECURE command is rejected with an error.

If SECURERESTRICT is OFF, SECURE commands are accepted in all cases,

with these considerations regarding processing of SSGCONF files:

•

To prevent potential misuse of $SYSTEM.SYSTEM.SSGCONF, SSGCOM

accepts only SECURE commands located in the file if the file is owned by

the SUPER group.

•

SECURE commands located in the user's SSGCONF file are read only if

SSGCONFSEARCH is ON. If SECURERESTRICT is OFF, and

SSGCONFSEARCH is also OFF, any SECURE settings defined in the

user's SSGCONF file are not processed.

If SECURERESTRICT is OFF, interactive SECURE commands are always

permitted, but the SSG process itself authenticates that the SSGCOM's userid

matches the SSG accessorid before it accepts any SECURE request. In

addition, if SSGCONFSEARCH is ON, any SECURE commands located in the

user's SSGCONF file are also processed, regardless of the ownership of that

file.

If SECURERESTRICT is ON, it can be set to OFF only if the user has SUPER

group authority. The user must either be logged on under a SUPER group ID,

or the SET SECURERESTRICT OFF command must be located in an

SSGCONF file owned by the SUPER group.

SSGCONFSEARCH ON | OFF

determines how SSGCOM searches for the appropriate SSGCONF file.

SSGCOM initially reads the SSGCONF file located in $SYSTEM.SYSTEM. If

the SSGCONFSEARCH value specified in that file is OFF, if the file is not

owned by the SUPER group, or if the file is not found, SSGCOM does not

search for any other SSGCONF file. However, if the SSGCONFSEARCH value

specified in the file is ON, SSGCOM loads the SSGCONF file from the user's

default subvolume. This mechanism lets you define systemwide configuration

rules using the SSGCONF file on $SYSTEM.SYSTEM and then optionally

tailor that configuration on a per-user basis using SSGCONF files located in

user subvolumes.

If SECURERESTRICT is set to ON, SUPER group authority is required to alter

the SSGCONFSEARCH setting. The user must either be logged on under a

SUPER group ID, or the SET SSGCONFSEARCH command must be located

in an SSGCONF file owned by the SUPER group.