XYGATE Access Control Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

151

152

153

154

155

156

157

158

159

160

XYGATE

Access Control Reference Manual

Appendix C: The ACACL File

XYPRO Technology Corporation 131 Proprietary and Confidential

INPUT "XYGATEAC_RUN_MACRO -EXIT -PLAIN -BREAK XMA_PWCOLD"

!If macro times out, do not send timeout to starting process

PASSONTIMEOUT OFF

OPENSBYOBJECTS \*.$*.*.* !Allow all subordinate to be started

VERIFYUSER $EVERYONE

TRACKVOLUME

PASSWORDTIMEOUT 60

COMMAND OSS-AUDITED-SHELL

!The command starts an OSS shell for a regular user. The user

!must enter the user's own OSS space userid.

!XYGATE/OA is used to mediate OSS access.

DESCRIPTION "OSS keystroke audited shell"

USER GROUP,USER !Start XYGATEOA as the invoking userid.

!Use XYGATE/OA plugin to XAC

OBJECT $VIK.XAC575.XYGATEOA

ACL $EVERYONE

OPENSBYOBJECTS \*.$*.*.*

START_LOGGED_ON

STARTUP "-xac" !Use XYGATEOA as XYGATEAC plugin

!Prompt for a userid and password in OSS space

AUTHENTICATE_USER ON

STOPONERROR 60,66,140,190,191

DONOTSTOP $*.*.PATHTCP2

COMMAND OSS-SUPER-SHELL

!This command starts an OSS shell as SUPER.SUPER without having to

!enter the SUPER.SUPER userid. It requires the XYGATEOA plugin.

DESCRIPTION "Start OSS shell as SUPER.SUPER"

USER 255,255 !Start XYGATEOA as SUPER.SUPER.

OBJECT $VIK.XAC575.XYGATEOA

ACL $SUPER

OPENSBYOBJECTS \*.$*.*.*

STARTUP "-xac" !Use XYGATEOA as XYGATEAC plugin

STOPONERROR 60,66,140,190,191

DONOTSTOP $*.*.PATHTCP2

USER_SWITCH PRIVLOGON !Manage filesharing groups

COMMAND OSS-CHOWN-HOME

!This command changes owners using SUPER.SUPER as the PAID so that

!there are no restrictions on which file can have its owner changed.

!USER_SWITCH PRIVLOGON is required to make filesharing groups

!work. The first two parameters are passed to the chown command.

!The AUDIT_OUTPUT_COUNT keyword ensures that the output to this

!is audited as well.

DESCRIPTION "USAGE = chown owner[:group] file"

USER 255,255 !The PAID is set to SUPER.SUPER

OBJECT $VIK.XAC575.XYGATEOA

ACL $SECURITY

USER_SWITCH PRIVLOGON !Filesharing groups will work

STARTUP "-xac" !XYGATE/OA works as plug-in to XYGATE/AC

INPUT "/bin/chown %1 %2"

INPUT "exit"

PERCENT ON

PASSONTIMEOUT OFF

VERIFYUSER $EVERYONE

OPENSBYOBJECTS \*.$*.*.*

AUDIT_OUTPUT_COUNT 60 !Write first 60 lines of output to audit