HP OpenVMS Systems

ask the wizard
Content starts here

Security, Untrusted Privileged Users?

» close window

The Question is:

I have a number of privilege users on the system with the following privileges:
I want to protect certail system level files and/or utilities. For example, I
 do not want them to get into the UAF utility and add/modify/delete UAF Records.
I set the following ACL on the .EXE and the .DAT file, but they still can gain
SYSUAF.DAT;2                                  90/90       6-NOV-2000 18:53:59.64

The Answer is :

  The mechanism used to protect files and other objects is the privilege.
  You cannot protect against any access by any user with any of the more
  powerful privileges -- any privilege in the "all" category -- by any
  means other than the removal of the privilege(s).
  Again, you cannot protect against a privileged user.  Again, you must
  either remove the privilege(s), or you must trust the user -- or the
  two users, in the case of a two-person (two-password) login -- to act
  Please review the OpenVMS security documentation for further information,
  and for privilege and protection recommendations, and for details of
  operating in a secure environment -- see the NCSC Class C2 appendix,
  among other portions of the manual.
  Related topics include (5639), (7368), (7813), and others.

answer written or last revised on ( 5-AUG-2002 )

» close window