Managing User Accounts
7.1 Understanding the User Authorization File
Table 7-2 (Cont.) System Privileges

Category  Privilege  Activity Permitted
--------  ---------  ------------------
System    ALTPRI     Set base priority higher than allotment
          AUDIT      Generate audit records
          OPER       Perform operator functions
          PSWAPM     Change process swap mode
          WORLD      Control any process
          SECURITY   Perform security-related functions
          SYSLCK     Lock systemwide resources

Objects   DIAGNOSE   Diagnose devices
          IMPORT     Mount a nonlabeled tape volume
          MOUNT      Execute mount volume QIO
          SYSGBL     Create systemwide global sections
          VOLPRO     Override volume protection
          READALL    Bypass existing restrictions to read an object

All       BYPASS     Disregard protection
          CMEXEC     Change to executive mode
          CMKRNL     Change to kernel mode
          DETACH     Create detached processes of arbitrary UIC
          DOWNGRADE  Write to a lower secrecy object or lower an object's
                     classification
          LOG_IO     Issue logical I/O requests
          PFNMAP     Map to specific physical pages
          PHY_IO     Issue physical I/O requests
          READALL    Possess read access to all system objects
          SETPRV     Enable any privilege
          SHARE      Access devices allocated to other users
          SYSNAM     Insert system logical names in the name table
          SYSPRV     Access objects through system protection field
          UPGRADE    Write to a higher integrity object or raise an object's
                     integrity level

Because certain images (such as SET.EXE) require access to the system UAF and
are normally installed with the SYSPRV privilege, make sure you always grant
system access to SYSUAF.DAT.
7.2 Understanding the Protection of Authorization Files
To display the protection codes for any file, use the DCL command
DIRECTORY/PROTECTION.
Authorization files are created with the following default protections:

User authorization file, SYSUAF.DAT
  The user authorization file, SYSUAF.DAT, is created with the following
  default protection:

    SYSUAF.DAT      S:RWED, O:RWED, G, W

Proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT
  Two proxy authorization files, NETPROXY.DAT and NET$PROXY.DAT, are
  created with the following default protections:

    NETPROXY.DAT    S:RWED, O:RWED, G, W
    NET$PROXY.DAT   S, O, G, W
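
An added example, not part of the original manual: a Python check that compares protection codes, written in the notation this page uses, against the defaults listed above and reports any user class with more or less access than the default. The function names and the sample listing are constructed for illustration.

```python
# Added example: compare authorization-file protection codes with the defaults
# listed on this page. SAMPLE is constructed, not captured from a real system.
DEFAULTS = {
    "SYSUAF.DAT": "S:RWED, O:RWED, G, W",
    "NETPROXY.DAT": "S:RWED, O:RWED, G, W",
    "NET$PROXY.DAT": "S, O, G, W",
}
CLASSES = {"S": "SYSTEM", "O": "OWNER", "G": "GROUP", "W": "WORLD"}

def parse_protection(code):
    """Map each user class (S, O, G, W) to its set of access letters."""
    access = {cls: set() for cls in CLASSES}
    for field in code.split(","):
        name, _, letters = field.strip().upper().partition(":")
        if not name:
            continue
        full = CLASSES.get(name[0], "")
        if not full.startswith(name) or not set(letters.strip()) <= set("RWED"):
            raise ValueError(f"bad protection field: {field.strip()!r}")
        access[name[0]] = set(letters.strip())
    return access

def audit(listing):
    """Return (file, class, kind, letters) for each deviation from DEFAULTS."""
    findings = []
    for line in listing.splitlines():
        parts = line.split(None, 1)
        name = parts[0].upper().split(";")[0] if parts else ""  # drop ;version
        if name not in DEFAULTS:
            continue
        actual = parse_protection(parts[1] if len(parts) > 1 else "")
        expected = parse_protection(DEFAULTS[name])
        for cls, label in CLASSES.items():
            for kind, diff in (("extra", actual[cls] - expected[cls]),
                               ("missing", expected[cls] - actual[cls])):
                if diff:
                    letters = "".join(c for c in "RWED" if c in diff)
                    findings.append((name, label, kind, letters))
    return findings

SAMPLE = """\
SYSUAF.DAT     S:RWED, O:RWED, G:R, W
NETPROXY.DAT   S:RWED, O:RWED, G, W
NET$PROXY.DAT  S, O, G, W
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "missing" finding for SYSTEM on SYSUAF.DAT corresponds to the case section 7.1 warns about, where images installed with SYSPRV lose the system access they need.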