Security and authorization, Bypassing disabled log down, Ord, read the section – HP NonStop G-Series User Manual

Page 65: Bypassing

Advertising
background image

Scheduled Synchronization

HP AutoSYNC User’s Guide522580-016

4-7

Security and Authorization

Security and Authorization

A scheduled synchronization is managed by the AutoSYNC monitor process. The
monitor process starts ASYSYNCP processes for each AutoSYNC user who has been
added and who has configured synchronization file sets.

Initially, the ASYSYNCP process runs under the user ID of the authorizer, but when
accessing files, the ASYSYNCP process uses only the user ID and access rights of the
user who configured the file sets. When the process starts, it logs on as the user ID.
The change of user ID succeeds only when the authorizer is the Super user, the group
manager, or the AutoSYNC user. If the logon operation fails, ASYSYNCP terminates.

The user must have appropriate remote passwords to any remote destination.
AutoSYNC can only synchronize files that are secured for read access by the user ID.
It can only replace files that are secured for purge access by the user ID. If the
destination is remote, replaced files must be secured for remote purge access.

The ownership of synchronized symbolic links is a special case. By default, the owner
of a synchronized symbolic link is the syncuser and not the owner of the source
symbolic link or the OWNER specified in the

ADD SYNCFILESET

or

ALTER

SYNCFILESET

command option.

To change this behavior, see

Changing Default Ownership of Symbolic Links

on

page 5-7.

Bypassing Disabled Log Down

Some systems have restricted the ability of the Super user or group manager to logon
as another user without entering that user’s password. This restriction is configured
with the SafeGuard PASSWORD-REQUIRED setting but is often referred to as the
disabled log down, and effectively limits AutoSYNC to a single user who is the
authorizer.

In this situation, you have two options:

Configure a separate AutoSYNC environment, including a separate monitor
process, for each user who wishes to configure scheduled synchronizations, or

Bypass the disabled log down restriction by using a privileged ASYSYNCP process
on the source system. This requires the Super user ID on the source system.

Perform the following operations, on the source system, to make ASYSYNCP a
privileged program that can log down.

1. In BIND, issue the following commands:

ADD * FROM ASYSYNCP
SET LIKE ASYSYNCP
ALTER CALLABLE^LOG^DOWN, CALLABLE ON
SET SAVEABEND ON
BUILD ASYSYNCP!

Advertising
This manual is related to the following products:

Integrity NonStop J-Series, Integrity NonStop H-Series

Popular Brands
Popular manuals