Administrator's Guide

Boot attributes
    These attributes control boot authentication, defining which users are
    authorized to boot the system into single-user mode. See boot
    authentication information in Chapter 1.
Switch user (su) attributes
    These attributes define the PATH environment value, root group name for
    the su command, and whether or not su should propagate certain
    environment variables. See su(1) for more information.
Audit attribute
    This attribute controls whether or not users are to be audited. The
    audit attribute is checked during the login process. See audit(5) for
    more information about HP-UX auditing.
umask attribute
    This attribute controls umask() of all sessions initiated by pam_unix or
    pam_hpsec. See pam_unix(5) and pam_hpsec(5) for more information. The
    umask attribute is checked during the login process.
The system uses these files to process the attributes:
/etc/default/security
/var/adm/userdb
/etc/security.dsc
/etc/passwd
/etc/shadow
Each attribute has a per-user value in only one of these locations: /etc/passwd,
/etc/shadow, or the user database in /var/adm/userdb. Each attribute and its
per-user location are explained in the security(4) manpage.
The system checks what attributes apply in the following ways:
The system examines the per-user attribute values in the /var/adm/userdb user
database, the /etc/passwd file, or the /etc/shadow file.
If there is no per-user value, then the system examines the configurable systemwide
default attributes in /etc/default/security.
If there are no configurable systemwide default attributes, then the system uses the
default attributes in /etc/security.dsc.
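
The lookup order above as an added example (not code from this guide or from HP-UX). The functions lookup, effective_attr and make_sample are hypothetical, and the three sample files are constructed stand-ins in a simplified NAME=value form, not the real formats of the user database, /etc/default/security, or /etc/security.dsc.

```shell
#!/bin/sh
# Added example: resolve the effective value of a security attribute for a
# user in the order described above: per-user value, then
# /etc/default/security, then /etc/security.dsc.
# Assumption: all inputs are constructed stand-in files (NAME=value lines).

# lookup FILE KEY: print the value of the last uncommented KEY=value line.
lookup() {
    [ -r "$1" ] || return 1
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k    { sub(/^[^=]*=/, ""); v = $0; found = 1 }
        END        { if (!found) exit 1; print v }' "$1"
}

# effective_attr DIR USER ATTR: print "<value> <source>", or fail if unset.
effective_attr() {
    dir=$1; user=$2; attr=$3
    if v=$(lookup "$dir/peruser" "$user:$attr"); then
        echo "$v per-user"
    elif v=$(lookup "$dir/default_security" "$attr"); then
        echo "$v /etc/default/security"
    elif v=$(lookup "$dir/security_dsc" "$attr"); then
        echo "$v /etc/security.dsc"
    else
        return 1    # attribute not defined at any level
    fi
}

# make_sample: build constructed sample data and print its directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alice:UMASK=077' > "$d/peruser"                 # per-user value
    printf '%s\n' '# site policy' 'UMASK=027' > "$d/default_security"
    printf '%s\n' 'UMASK=0' 'AUDIT_FLAG=1' > "$d/security_dsc"     # built-in defaults
    echo "$d"
}

# Demo: alice has a per-user umask, bob falls back to the systemwide default.
sample=$(make_sample) && {
    for u in alice bob; do
        echo "$u UMASK: $(effective_attr "$sample" "$u" UMASK)"
    done
    rm -rf "$sample"
}
```

Reporting the source next to each value makes it easy to spot accounts whose settings differ from the systemwide policy.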
The security attributes description file, /etc/security.dsc, lists the attributes you
can define in /etc/default/security and in the user database in /var/adm/userdb.
Some attributes are configurable and some are internal. Do not modify the
/etc/security.dsc file in any way.
2.5 Defining System Security Attributes 47