HP OpenVMS Systems

ask the wizard
Content starts here

File Protections, Security, Privileges?

» close window

The Question is:

I want to define a general operator through adduser utility with minimum
security privileges provided (netmbx only). After logging through this general
user i want operators(with full security privileges granted ) to login and
 their corresponding log files  be generated.
for this i am using the command in my shell script
$ set host 0 /log
(a)Can you suggest any other method ?
(b) the files sethost.log can be edited through any account even though
the protection given is
$set protection=(S:R,O:R,G:R,W:R) sethost.log
can you describe what commands are to bo issued for file protection.??
(c)what are proxy accounts? can proxy account do the same work??

The Answer is :

  In other words, you wish to maintain a tracing of all activities...
  There is no particularly supported means for this.
  Alternative approaches include enabling and using system alarms
  and system auditing, and configuring privileges and identifiers
  and access control lists appropriately for the (required) access.
  Also of interest can be subsystem identifiers and installed (with
  privileges) images -- of these two, the former often provides an
  easier and more controllable approach.)
  The OpenVMS Wizard does not normally recommend generic usernames,
  as this hinders security -- passwords cannot be changed as easily,
  and establishing individual responsibility is difficult at best.
  For details on OpenVMS file protections and security in general,
  please see the OpenVMS system security manual, and particularly for
  this case please see the information included there that is related
  to the resource identifier mechanism, and to the creation and operation
  of scratch directories and such.
  Also note that your OpenVMS version is sufficiently ancient as to
  lack specific security-related changes made in slightly less ancient
  OpenVMS releases -- specifically V6.0 and later -- and these OpenVMS
  changes were designed to address the privileges and requirements for
  superceding files, and the associated file protection checks needed.

answer written or last revised on ( 2-JAN-2002 )

» close window