HP OpenVMS Systems

ask the wizard
Content starts here

Untrusted Privileged Users and Security?

» close window

The Question is:

I have to protect the sysuaf from other privileged users on the system. I added
 an ACL to Authorize.exe and sysuag.dat, and added a second acl to restrict all
 others. Ex.
Identifier=[*,*],access=none. Privileged users where still able to access the
 sysuaf. I noticed that the authorize.exe file is installed with privileges. I
 de-installed the image and the acl structure worked fine. My quesiton is, Is
 it necessary to have a
uthorize.exe installed? And if not, which startup file installs the image?

The Answer is :

  If you do not trust your privileged users, then you have no security.
  Any sufficiently privileged user can perform any desired action.
  You can not protect your system against privileged users, as privileges
  are central the mechanisms that are used for the purpose of protection
  and access control.  Privileges are a key part of the mechanisms that are
  used to protect the system against nefarious activities, and also against
  untrusted, untrained or otherwise careless users.
  You will notice that AUTHORIZE is installed solely with AUDIT privilege,
  and AUDIT privilege does not grant any enhanced system file access.
  The installation of AUTHORIZE (with the AUDIT privilege) is required by
  The removal or alteration or relocation or deletion of any image that
  is provided by OpenVMS -- unless requested by a Compaq representative
  or otherwise explicitly documented by OpenVMS -- is not recommended.
  If you cannot trust privileged users and cannot disable all untrusted
  privileged users -- you will want to seriously consider the use of the
  multiple-password login for all privileged users.  With this mechanism,
  two users must be present to log into any privileged username.  You will
  also want to consider the creation and use of dedicated (captive) logins
  for certain tasks that require privileges, or the creation and use of
  images and the INSTALL utility or the privileged subsystem mechanism.
  You will want to read through and understand the OpenVMS Guide to System
  Security manual, you will want to seriously consider following the
  guidelines in the appendix of the aforementioned manual covering the
  creation and operation of OpenVMS in a Class C2 environment, and you
  will want to consider a security review.

answer written or last revised on ( 27-DEC-2000 )

» close window