XYGATE Access Control Reference Manual
XYPRO Technology Corporation 123 Proprietary and Confidential
Appendix C: The ACACL File
The ACACL file is an edit file located in the same volume and subvolume as the
XYGATEAC object file. The ACACL file contains ACLGROUP definitions (refer to
section 2.7.3, “ACLGROUPs” on page 40) and ACACL Command Entries (starting on
page 138). These two types of entries contain all the information necessary for XAC to
execute commands for a NonStop Kernel user.
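A review aid for the two entry types described above, added here as an example and not part of the XYPRO manual or product: it lists every COMMAND that executes as 255,255 and expands its ACL into the members of the referenced ACLGROUPs, flagging wildcard members such as *,255. The parsing rules (a "!" outside double quotes starts a comment, a COMMAND entry runs until the next COMMAND or ACLGROUP line) are assumptions inferred from the sample file in C1, and the FUP-255 entry is hypothetical.

```python
import re

# Constructed ACACL text in the sample file's syntax; FUP-255 is hypothetical.
SAMPLE = r'''
ACLGROUP $SUPER 255,255
ACLGROUP $GRPMGR *,255
COMMAND TACL-255
USER 255,255 !Execute as SUPER.SUPER
OBJECT $SYSTEM.SYSNN.TACL
ACL $SUPER
ALIAS "O\" ">OBEY \" !quoted strings are kept intact
COMMAND FUP-255
USER 255,255
OBJECT $SYSTEM.SYSNN.FUP
ACL $GRPMGR
'''

def strip_comment(line):
    """Drop text after '!' unless the '!' is inside double quotes (assumption)."""
    return re.match(r'(?:[^"!]|"[^"]*")*', line).group(0)

def parse_acacl(text):
    """Return ({group: [members]}, [command dicts]) from ACACL text."""
    groups, commands, cur = {}, [], None
    for raw in text.splitlines():
        tok = strip_comment(raw).split()
        kw = tok[0] if len(tok) > 1 else ""   # keywords of interest take an argument
        if kw == "ACLGROUP":
            groups[tok[1]], cur = tok[2:], None
        elif kw == "COMMAND":
            cur = {"name": tok[1], "user": None, "object": None, "acl": []}
            commands.append(cur)
        elif cur and kw in ("USER", "OBJECT"):
            cur[kw.lower()] = tok[1]
        elif cur and kw == "ACL":
            cur["acl"] += tok[1:]
    return groups, commands

def review(text, run_as="255,255"):
    """For each command executing as run_as: (name, object, ACL members, wildcards)."""
    groups, commands = parse_acacl(text)
    out = []
    for c in commands:
        if c["user"] == run_as:
            members = [m for g in c["acl"] for m in groups.get(g, [g])]
            out.append((c["name"], c["object"], members, [m for m in members if "*" in m]))
    return out

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

ACL names that are not defined as an ACLGROUP are reported unchanged, so an undefined or misspelled group shows up in the member list.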
C1: Sample ACACL File
The following is the full text of the ACACLSAM file, which is provided as a record of a
sample ACACL file.
! This is the sample ACACL file shipped with the XYGATE AC product.
! You may copy any of the examples into your ACACL file
! modifying them to suit your own security configuration needs.
! Several examples of the most common XYGATE ACLGROUPS and COMMANDS
! are listed below.
!This profile refers to all users and all Safeguard aliases
!on all nodes in the system.
ACLGROUP $EVERYONE \*.*.* ALIAS:"\*.*"
!This profile refers to all users who are permitted access to the most
!sensitive commands.
ACLGROUP $SUPER 255,255
!This profile is for users allowed to act as group managers with certain
!privileges that are functional within their own groups. Some sites may
!want to remove the default of *,255 and just add specific userids.
ACLGROUP $GRPMGR *,255
!This profile is for users allowed security functions. Add the security
!administrator's userid here.
ACLGROUP $SECURITY 255,255 232,52 NETUNDERLYING:232,52
COMMAND TACL-255
!This command is used to give SUPER.SUPER privileges to
!authorized users.
DESCRIPTION "Privileged TACL"
USER 255,255 !Execute as SUPER.SUPER
OBJECT $SYSTEM.SYSNN.TACL !Run the TACL program
USER_SWITCH PRIVLOGON !Manage filesharing groups
!Allow only members of the $SUPER profile to use this command
ACL $SUPER
!Extend the ALIAS to all subordinate programs
ALIAS_ALL_PROCESSES
ALIAS "O " ">OBEY " !Replace all of the following commands
ALIAS "OBEY " ">OBEY " !with references to XYGATE/AC'S
ALIAS "O$" ">OBEY $" !internal >OBEY command which audits
ALIAS "O\" ">OBEY \" !all activity.
START_LOGGED_ON !Start up already logged on to 255,255.