
Components of the Safeguard Subsystem, Who Can Use the Safeguard Subsystem – HP Integrity NonStop J-Series User Manual


Introduction to the Safeguard Subsystem

Safeguard User’s Guide — 422089-020


The relationship between the Safeguard subsystem and the Guardian environment can
extend to a network of HP systems. Depending on your security requirements, you can
install the Safeguard software on a single node in your network, on a few nodes, or on
every node.

Components of the Safeguard Subsystem

The Safeguard subsystem consists of three major processes and several security
database files. The following Safeguard components reside on every system on which
the Safeguard software is installed:

• A subject database, which contains a user authentication record for every user and
  alias on the system

• Object databases, which contain object authorization records for every object
  under control of the Safeguard software

• SAFECOM, the Safeguard command interpreter, which allows you to communicate
  with the Safeguard subsystem

• SMON, the Security Monitor, which authorizes all attempts to access protected
  objects

• SMP, the Security Manager Process, which is responsible for managing all
  changes to the subject and object databases and for authenticating user logon
  attempts

• SHP, the Safeguard Helper Process, which assists SMP in identifying and updating
  process attributes whenever the following user attributes in user database files are
  modified:

  ° AUDIT-USER-ACTION-PASS
  ° AUDIT-USER-ACTION-FAIL
  ° Primary group
  ° Supplementary group list
  ° Group count

Who Can Use the Safeguard Subsystem?

To use the Safeguard command interpreter, you must have EXECUTE authority for the
SAFECOM program. Your security administrator can limit this authority to certain users
by creating an access control list for the SAFECOM program file. This manual
assumes that you have execute authority for the SAFECOM program.

Initially, SAFECOM limits what certain classes of users can do. Normally, general users
can protect their own disk files, subvolumes, and processes with the Safeguard
software. General users can also manage the access control lists associated with their
disk files, subvolumes, and processes.
