5 securing processes and subprocesses, Protection of process and subprocess names, Securing processes and subprocesses – HP NonStop G-Series User Manual

Page 51

Advertising
background image

Safeguard User’s Guide422089-009

5 -1

5

Securing Processes and
Subprocesses

You secure processes and subprocesses in generally the same manner as disk files
and subvolumes. You use the same set of commands: ADD, ALTER, DELETE,
FREEZE, INFO, RESET, SET, SHOW, and THAW. Also, except for EXECUTE
authority, the same access authorities—READ, WRITE, PURGE, CREATE, and
OWNER—apply to individual processes and subprocesses. There is no EXECUTE
authority for processes and subprocesses.

You can also use the same security attributes to specify auditing for processes and
subprocesses. Additionally, you can freeze and thaw an access control list for a
process or subprocess.

For additional information about protecting processes and subprocesses, refer to the
Safeguard Reference Manual.

Protection of Process and Subprocess Names

Until a process name is added to the Safeguard database, any user can create a
process with that name and access a process running with that name. Unless your
security administrator has restricted process protection, any user can add a process or
subprocess name to the Safeguard database and create an access control list for it.

An access control list for a process or subprocess name grants users (and processes
running on behalf of those users) any combination of the following access authorities:

The following command creates an authorization record for the process name $add,
gives READ and WRITE authority to all members of group 33, and gives all authorities
to user ID 33,12:

=ADD PROCESS $add, ACCESS 33,* (R,W); 33,12 *

READ

The authority to open a process or subprocess with a protected name for input
operations.

WRITE

The authority to open a process or subprocess with a protected name for output
operations.

CREATE

The authority to create a process with a protected name. (A user must also
have EXECUTE authority for the program object disk file.) CREATE authority
does not apply to subprocesses.

PURGE

The authority to stop a process with a protected name. PURGE authority does
not apply to subprocesses.

OWNER

The authority to change the authorization record for the process or subprocess.

Advertising
This manual is related to the following products:

Integrity NonStop H-Series

Popular Brands
Popular manuals