Gui:operator, Program security – HP UX B6941-90001 User Manual
Page 452
Chapter 10
Tuning, Troubleshooting, Security, and Maintenance
ITO Security
It is neither necessary nor specifically recommended to start the Motif
administrator GUI as a UNIX user with root privileges (user ID 0). In
addition, when saving the output of database reports on the ITO
configuration, the owner of the files that are written is the UNIX user who
started ITO. Otherwise, the behavior of the administrator GUI is the
same as that of the operator GUI.
The Operator GUI
During installation, the ownership and permissions of the opcrlogin
utility will be set as follows:
-r-xr-x--- root opcgrp /opt/OV/bin/OpC/opcrlogin
In addition, when opening an ITO Virtual Terminal or starting an ITO
Input/Output Application on a node, the .rhosts entry for the operator’s
UNIX user (if present) is used in preference to the entry for user opc_op
in order to enable the operator to log on without entering a password.
Integrated applications (menu items introduced using an ITO “OV
Service” application or registered actions represented by an ITO “OV
Application”) that are started from ITO start under the same UNIX user
as the operator, which is not usually opc_op.
Program Security
The HP-UX 10.x and 11.x programs /opt/OV/bin/OpC/opc and
/opt/OV/bin/OpC/opcuiadm have the s-bit (set user-ID on execution).
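The ownership, mode and s-bit states listed above can be checked for drift from ls -l output. This is an added example, not part of the HP manual; it also flags group- or world-writable set-user-ID programs, which goes beyond what the page states, and the sample listing (group sys, sizes, dates) is constructed.

```shell
#!/bin/sh
# Added example: audit `ls -l` lines against the states documented above.
# The sample listing at the bottom is constructed, not real HP-UX output.

# mode_of LINE: first field of an `ls -l` line, cut to the 10 mode characters.
mode_of() { set -f; set -- $1; set +f; printf '%.10s' "$1"; }

# check_perms LINE MODE OWNER GROUP: true only if all three match.
check_perms() {
    line=$1 want_mode=$2 want_owner=$3 want_group=$4
    set -f; set -- $line; set +f      # fields: mode links owner group ...
    [ "$(mode_of "$line")" = "$want_mode" ] &&
        [ "$3" = "$want_owner" ] && [ "$4" = "$want_group" ]
}

# has_suid LINE: true if the owner-execute position holds s or S.
has_suid() { case $(mode_of "$1") in ???[sS]*) return 0 ;; esac; return 1; }

# loosely_writable LINE: true if group or other has write permission.
loosely_writable() {
    case $(mode_of "$1") in ?????w*|????????w*) return 0 ;; esac; return 1
}

# audit_listing: read `ls -l` lines on stdin, print findings,
# return 0 when everything matches and 1 otherwise.
audit_listing() {
    findings=0
    while IFS= read -r line; do
        case $line in
        *" /opt/OV/bin/OpC/opcrlogin")
            check_perms "$line" -r-xr-x--- root opcgrp ||
                { echo "DRIFT: $line"; findings=$((findings + 1)); } ;;
        *" /opt/OV/bin/OpC/opc" | *" /opt/OV/bin/OpC/opcuiadm")
            has_suid "$line" ||
                { echo "NO S-BIT: $line"; findings=$((findings + 1)); }
            if loosely_writable "$line"; then
                echo "WRITABLE SETUID: $line"; findings=$((findings + 1))
            fi ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: opcrlogin has drifted to world-executable.
audit_listing <<'EOF' || echo "audit: $findings finding(s)"
-r-xr-xr-x 1 root opcgrp 20480 Jan  1  1999 /opt/OV/bin/OpC/opcrlogin
-r-sr-xr-x 1 root sys    40960 Jan  1  1999 /opt/OV/bin/OpC/opc
-r-sr-xr-x 1 root sys    40960 Jan  1  1999 /opt/OV/bin/OpC/opcuiadm
EOF
```

On a managed node the input would come from ls -l run on the three paths named in the text.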
For MPE/iX, note that the job OPCSTRTJ.BIN.OVOPC contains the
readable password of AGENT.OVOPC if the standard STREAM facility
is used. If you have specified a customized stream command in the
Advanced Options sub-window of the Add/Modify Node window, no
password is inserted in OPCSTRTJ.BIN.OVOPC. Note that this entry
is only established during first-time installation, or if the ITO entry is
found in SYSSTART.PUB.SYS.
Change the job according to your security policies. The job is streamed
during system boot by SYSSTART.PUB.SYS and is responsible for
starting the Local Location Broker (if not yet running) and the ITO
agents.