900 Series HP 3000 Computer Systems. HP Security Monitor/iX Manager's Guide. HP Part No. 32650-90455. Printed in U.S.A.
The information contained in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for direct, indirect, special, incidental or consequential damages in connection with the furnishing or use of this material.
Printing History. The following table lists the printings of this document, together with the respective release dates for each edition. The software version indicates the version of the software product at the time this document was issued. Many product releases do not require changes to the document. Therefore, do not expect a one-to-one correspondence between product releases and document editions.
Edition: First Edition. Date: April 1994. Software Version: C.50.
Preface MPE/iX, Multiprogramming Executive with Integrated POSIX, is the latest in a series of forward-compatible operating systems for the HP 3000 line of computers. In HP documentation and in talking with HP 3000 users, you will encounter references to MPE XL, the direct predecessor of MPE/iX. MPE/iX is a superset of MPE XL. All programs written for MPE XL will run without change under MPE/iX.
Conventions UPPERCASE In a syntax statement, commands and keywords are shown in uppercase characters. The characters must be entered in the order shown; however, you can enter the characters in either uppercase or lowercase.
Conventions (continued) [ ... ] In a syntax statement, horizontal ellipses enclosed in brackets indicate that you can repeatedly select the element(s) that appear within the immediately preceding pair of brackets or braces. In the example below, you can select parameter zero or more times. Each instance of parameter must be preceded by a comma: [,parameter][...
Contents. 1. Introduction: HP Security Monitor/iX Manager's Guide. 2. Overview of Security on the MPE/iX Computer System: Physical Security; Procedural Security; System Security; Identification; Authentication; Authorization; User Roles; The System Manager.
Defenses Against Data and Performance Loss Due to Sabotage; Defenses Against Information Disclosure. 3. Managing System Users with Passwords and Logon Restrictions: Managing System Access with Passwords; Commands Used to Create and Maintain Passwords; Guidelines for Selecting Passwords; Creating a New Account with a Password; Modifying an Account Password; Removing Account Level Passwords.
System manager capability; Account manager capability; Execute (X) Access; User Identification; SAVE access in MPE groups; CWD and File Security; The Maximum File Protection Option; ACD examples; Tasks Involving System Security; Listing ACDs.
Account Manager (AM); Batch Access (BA); Use Communications Software (CS); Diagnostician (DI); Extra Data Segments (DS); Group Librarian (GL); Interactive Access (IA); Multiple RIN (MR); Network Administrator (NA); Node Manager (NM); Use Nonshareable Devices (ND); Use Mountable Volume Sets (UV); Privileged Mode (PM); Process Handling (PH); Programmatic Sessions (PS).
Log failure record, type 100; System up record, type 101; Job initiation record, type 102; Logon queue; CPU time limit; MPE/iX status; Job termination record, type 103; Process termination record, type 104; NM File close record, type 105; NM File close record, type 205; Unique file identifier (UFID).
Low-priority machine check, type 152; CM file close record, type 160. 8. Using the Security Configurator (SECCONF): Overview; Running the Security Configurator (SECCONF); Global Security Options; 1. Password Encryption; 2. Minimum Length for Passwords; 3. Maximum Invalid Logons per Device; 4. Mandatory Password Prompt; 5. Idle Session Timeout.
A. The Security Maintenance Checklist. B. Error Messages: General Error Messages; ACD Related Error Messages.
Figures: 2-1. Account Relationships; 2-2. An Individual Account; 2-3. Groups, Users, and Files; 2-4. MPE/iX File System Example; 3-1. Password Aging Life Cycle; 5-1. Lockwords and Passwords; 7-1. Log File Format.
Tables: 2-1. Where Accounts, Groups, Directories, and Files Can Be Located; 2-2. Maximum Lengths of Account, Group, Directory, and File Names; 2-3. Syntax Summary; 2-4. Synopsis of Possible Security Threats and Defenses; 4-1. User Categories; 5-1. File Access Modes; 5-2. User Types; 5-3. Default File Access Restrictions.
Tables 7-30 through 7-45 and B-1 (continued): Printer Access Failure Log Record Format; ACD Changes Log Record Format; Record Type 238; Stream Initiation Log Record Format; User Logging Record Format; Process Creation Record Format; Internal Data Structure; File Open Record Format; Record Type 244.
1 Introduction. HP Security Monitor/iX Manager's Guide. This manual is written for System Managers or System Security Managers. It contains information about managing passwords, managing ACDs, security in the Hierarchical File System, and the HP Security Monitor/iX. The User's Guide to MPE/iX Security and the Manager's Guide to MPE/iX Security comprise the fundamental operating system (FOS) set of HP 3000 MPE/iX security documents.
2 Overview of Security on the MPE/iX Computer System Facilities for implementing security measures on HP 3000 Computers are contained in the MPE/iX Fundamental Operating System (FOS). This chapter describes the components of computer system security: Physical security - control of access to system components. Procedural security - establishment and control of security procedures. System security - control of system access using the security features provided by the MPE/iX operating system.
and files can be provided by assigning users to accounts, issuing appropriate capabilities, enforcing the use of passwords and lockwords, and by creating programs and files in groups that belong to special accounts. The physical aspect of securing access to software involves prevention of physical access to terminals, and limitations on or prevention of access via communication lines. Procedural Security. Procedural security deals with the establishment and enforcement of security procedures.
Authentication. When a user logs on, the system attempts to authenticate the logon ID. The system checks its directory for the existence of the ID, then verifies the user's identity by checking the password. Entry of an incorrect ID or password is enough to prevent access to the system. Authorization. System access is provided at several levels, from the lowest, available to all users, to the highest, open only to system and security management.
System administrators are responsible for system operations. Titles include System Manager, System Supervisor, and System Operator (the operator at the console). Each type of system administrator has a different role, different capabilities, and different responsibilities. Account Managers usually have the title Account Manager. Account Managers are responsible for administering an account. Each account has at least one manager.
Display certain items of system information. The System Manager assigns OP capability to accounts. An Account Manager who has OP capability in his or her account can assign it to other users in the account. The System Operator The System Operator is the user logged on to the System Console. The System Operator derives his or her capabilities from the System Console, not from any capabilities inherent in the title. The System Operator also may be known as the Console Operator.
Components of the Account Structure. The account structure consists of four components: accounts, groups, users, and files. Accounts are the basic structure for organizing users and information in the system. System users and system information belong to accounts. Groups further organize users and information within accounts. Users belong to the account, but access files by logging on to a group. If they know the appropriate group passwords, users can log on to any group within the account.
Figure 2-1 illustrates the relationship between accounts, groups, and users. Accounts (TECHNLGY, MARKTING, SYS, for example) are shown horizontally, across the top of the diagram. Groups (RESEARCH, SALES, RECORDS, for example) are stacked vertically under their accounts. Users (KEVIN, CHARLES, DIANE, for example) appear under their home groups. The solid black lines in Figure 2-1 indicate firm, primary relationships.
The Individual Account. Figure 2-2 shows the structure of an individual account. Not all accounts look like the one in Figure 2-2, but most are similar. Every account has a name, a PUB (PUBLIC) group, and an account manager. When you first create an account, the account manager has the PUB group as a home group. Figure 2-2. An Individual Account. The account manager is responsible for establishing the groups and users within the account.
Using Files. When you do almost any kind of work with a computer, you work with files. Reports, spreadsheets, program listings, letters, management tools, and more all exist within the system in the form of files. The files belong to the groups in an account as shown in Figure 2-3. Figure 2-3. Groups, Users, and Files. The system stores the files necessary for operating the computer.
Creating Naming Conventions. Notice that each account, group, and user in Figure 2-3 has a name. Files also have names. An account, group, user, or file name must be eight characters or fewer in length. It must begin with an alphabetic character. Subsequent characters can be alphabetic or numeric. Account names must be unique, but notice that each account has a group named PUB. Group names need only be unique within an account.
Hierarchical file system (HFS). As of Release 4.5, the MPE/iX file system is hierarchical (tree structured) and can contain files at many different levels. This organization provides a special kind of file called a directory. Instead of holding data, directories contain lists of files and pointers to those files. A directory can also contain other directories. This organization is similar to the file systems on UNIX or MS-DOS systems. The new file organization still includes the familiar accounts, groups, and users.
Figure 2-4 shows how you can organize files, accounts, groups, and directories in the file system. Notice that accounts, directories, groups, and files all connect back to one directory designated by a "/" (slash). This is referred to as the root or the root directory. Figure 2-4.
HFS file names. MPE/iX Release 4.5 allows you to assign longer file names than in previous versions of MPE/iX. Table 2-2 summarizes name lengths for accounts, groups, directories, and files previous to Release 4.5 and after Release 4.5. Table 2-2.
HFS syntax. Table 2-3 summarizes some of the syntax enhancements introduced by the MPE hierarchical file system. The syntax that you are used to still works for files in groups and accounts. So to use HFS syntax, you must precede file and directory names with ./ or /. Otherwise, MPE/iX treats the names using traditional MPE syntax rules. This manual refers to files that are named using HFS syntax as HFS files. Table 2-3.
Controlling Access to System Resources. System performance can suffer if too many jobs and/or sessions are running at the same time. Setting limits on the number of jobs and sessions that can run concurrently protects the system from inadvertent or deliberate attempts to degrade its performance. Setting limits on the number of active devices in use at any time helps control the user load, and also helps prevent access by unauthorized users.
of the message is a must to assure continuing compliance with the policy and its updates. Security Considerations. This section deals with the overall problem of security as it affects computer installations. It discusses threats to computer security, and provides guidelines for meeting those threats. The table at the end of this chapter synopsizes this material in a quick reference form. Computer security deals with more than just the security of the computer itself.
Recognizing Security Incursions. Evidence of the occurrence of major theft, vandalism, fire, earthquake, and similar causes of loss is usually obvious. Evidence of attempts at unauthorized entry and unauthorized usage is much less so. The best way to find evidence of attempts at unauthorized entry and unauthorized usage is continuous monitoring of system log files.
Prevention of Access Prevention of access is the primary form of defense against theft and vandalism. Such defenses take several forms: Physical prevention of access to premises, and physical prevention of access to equipment within the premises. Denial of use even though the equipment can be physically approached.
Defenses Against Data and Performance Loss Due to Sabotage. One type of sabotage involves access to the computer or system by unauthorized persons. For the most part, preventative measures are the same as those described under Prevention of Access, above. In particular, you should be aware of the fact that anyone who can access the System Console can execute a [CTRL] [A], then execute any command that can be invoked from the "=" prompt.
When the information on media is no longer needed, the media is often reused by simply writing over the existing data. Depending on the medium, the data may be readable until it is overwritten, even if the medium has been reformatted. This is an easily overlooked breach of security. Before returning disks, disk packs, and tapes to reuse, all labels should be removed in order to prevent a thief from easily picking out the tapes that may contain important information.
Table 2-4. Synopsis of Possible Security Threats and Defenses
Possible threat: Loss of use.
Possible defenses: Prevent access.
Perimeter defenses: Fences. Guarded entries. Lighting. Intruder warning devices. Surveillance devices. Guard dogs.
Internal defenses: Guarded entries. Metal detectors. Identification badges. Sign-in logs. Door locks. Locks on desks, storage, and computers. Physical restraints on equipment.
Denial of use: Mandatory passwords. No embedded passwords. Logon limitations.
Table 2-4. Synopsis of Possible Security Threats and Defenses (continued)
Possible threat: Disclosure of information.
Possible defenses: Prevent access. Limit document distribution. Limit knowledge distribution. Lock desks, cabinets, computers. Store media in locked cabinets. Degauss media to erase data. Use and maintain passwords. Clear screens and screen buffers. Limit information stored in PUB and library accounts.
3 Managing System Users with Passwords and Logon Restrictions. This chapter describes the methods and tools available to System Managers (SM capability) and Account Managers (AM capability) for controlling system access with passwords and logon limitations, and for listing security information. Managing System Access with Passwords. Caution: System managers should use great care not to lose or forget the system manager password.
Commands Used to Create and Maintain Passwords. Note: If files are protected by ACDs, only user passwords should be required; neither account nor group passwords, nor file lockwords, should be used. System Managers (SM capability) use the commands :NEWACCT, :ALTACCT, and :PURGEACCT to create and maintain accounts. Account passwords can be created at the time an account is created or modified.
Always use different passwords on different machines, but never make them the name of the machine, nor the name of the machine with a single number at the front or at the back. Creating a New Account with a Password. To create a new account with an account password, enter :NEWACCT, followed by the parameters accountname and managername; PASS=password.
Modifying a Group Password To modify a group password, log on to the account and enter :ALTGROUP, followed by the required parameter groupname and PASS=password. For example, enter: :ALTGROUP RCVBLS;PASS=LEDGERS As a System Manager modifying the same group password while not logged on to the account, enter the account name as well as the group name: :ALTGROUP RCVBLS.
:NEWUSER MANFRED.JASTA11;PASS=REDBARON User passwords assigned by Account or System Managers can be changed by the user with the :PASSWORD command. Modifying a User Password. To modify a user password, log on to the account and enter :ALTUSER, followed by the required parameter username; PASS=password. For example, enter: :ALTUSER MANFRED;PASS=EIGHTY As a System Manager modifying a user password while not logged on to the account, enter the account name as well as the group name: :ALTUSER MANFRED.
Revising Old Passwords Passwords that never change present a security risk to the system. Several facilities are provided which force passwords to be revised either for individual users or for all users on the system. This section describes additional password features that are provided by the HP Security Monitor package. These features include password expiration, password aging, password encryption and enforcing of minimum length passwords for additional security.
Effects of Expired User Passwords. Expiration of a password has the following effects on users: The global expired user password function causes the expiration only of required user passwords, regardless of whether required at the user or account level. Required user passwords are marked for expiration at the beginning of the warning period. Thus, if a new user establishes a required password after the start of the warning period, that password is not affected by the forced expiration.
|------------------ maximum lifetime -------------------|
|--------- valid --------- | --------- expired ---------| -- invalid --
|<-- minimum -> <- warn -->| <-- expiration --> |
Figure 3-1. Password Aging Life Cycle
Aging values for individual users can be established only after the system-wide policy is established. Once this is done, aging values for individual users can be specified as long as they don't fall outside the range established by the system-wide policy.
To enable password encryption, select Option 1 in the Global Security Options Menu. With the feature enabled, new passwords are automatically encrypted the first time they are entered in the system. This applies to all passwords: account, group, and user. Device passwords are always encrypted, whether encryption is enabled or not. Encrypting Passwords. Discussion. With password encryption turned on, a new password is automatically encrypted before it is stored in the system directory.
Enforcing Minimum Password Lengths. MPE/iX permits passwords of from one to eight characters. The longer the password, the more difficult it is for it to be discovered by trial and error. As a security precaution, set a minimum length for all passwords in your system. The minimum length set affects all account, group, and user passwords. To set password length, select Option 2 in the Global Security Options Menu. The default is 0 (no minimum length).
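As an added example (not HP software), the following Python function checks a candidate password against the guidelines given in this chapter: the one-to-eight character limit, a configured minimum length, the rule against using the machine name with or without a single digit in front or behind, and the rule that passwords differ between machines. The machine names, sample passwords and the case-insensitive comparison are constructed assumptions for this example.

```python
"""Password-guideline checker written as an added example for this chapter
(not HP software).  It encodes the rules stated in the text: MPE/iX
passwords are one to eight characters, SECCONF may impose a minimum length,
a password must not be the machine name or the machine name with a single
digit in front or behind, and passwords must differ between machines.
Comparisons are made case-insensitively (an assumption for this example)."""

MPE_MAX_LENGTH = 8


def check_password(password, machine_name, min_length=0, other_machines=None):
    """Return the list of violated rules; an empty list means the password passes.

    other_machines maps a machine name to the password already used there,
    which lets the 'different passwords on different machines' rule be checked.
    """
    violations = []
    pw = password.upper()
    machine = machine_name.upper()

    # Rule: MPE/iX passwords are one to eight characters.
    if not 1 <= len(pw) <= MPE_MAX_LENGTH:
        violations.append("length must be 1 to 8 characters")

    # Rule: SECCONF Option 2 minimum length (0 means no minimum).
    if len(pw) < min_length:
        violations.append("shorter than configured minimum of %d" % min_length)

    # Rule: never the machine name, nor the machine name with one digit
    # added at the front or the back.
    if pw == machine:
        violations.append("password is the machine name")
    elif len(pw) == len(machine) + 1:
        if pw[1:] == machine and pw[0].isdigit():
            violations.append("password is a digit followed by the machine name")
        elif pw[:-1] == machine and pw[-1].isdigit():
            violations.append("password is the machine name followed by a digit")

    # Rule: use different passwords on different machines.
    for other, other_pw in (other_machines or {}).items():
        if other.upper() != machine and other_pw.upper() == pw:
            violations.append("password already used on machine %s" % other)

    return violations


if __name__ == "__main__":
    # Constructed sample: machine ALPHA, with BETA's password known for reuse checks.
    for candidate in ("REDBARON", "ALPHA", "ALPHA7", "3alpha", "LEDGERS", ""):
        print(candidate or "(empty)", "->",
              check_password(candidate, "ALPHA", min_length=6,
                             other_machines={"BETA": "ledgers"}) or "ok")
```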
To list all of the attributes, including the password, of an account named MARKETS, enter: :LISTACCT MARKETS;PASS Note: The MPE/iX commands that display passwords (:LISTUSER, :LISTGROUP, and :LISTACCT) will not display passwords when they are in encrypted form. Discussion. The three listing commands are: 1. :LISTACCT lists account attributes. 2. :LISTGROUP lists group attributes. 3. :LISTUSER lists user attributes. A System Manager (SM capability) can specify any account, group, and user on the system.
Managing System Access With Account and Group Attributes Account and group attributes that relate to system access include: Limiting the amount of CPU time available to users. This can be set at the account and group levels. Limiting the amount of session connect time available. This can be set at the account and group levels. Limiting CPU or session connect time provides some degree of control over system utilization and, therefore, system performance.
users off the system as soon as they exit the program. In this case, users have access only to the application program, but not to the MPE/iX command interpreter or other system facilities. Creating a UDC. To create a UDC, type the commands you wish to use in a text file, then catalog the file with the :SETCATALOG command. If a UDC is to be a logon UDC, declare it as such when you create it. Set the UDC level (system, account, or user) at the time you catalog it.
4 Protecting Your System with Access Control Definitions (ACDs). Access Control Definitions (ACDs). What is an ACD? MPE/iX file system access can be controlled by using access control definitions (ACDs). You can use an ACD to specify permissions and restrictions for access to a file. In addition, ACDs allow you to secure logical devices, device names, and device classes. Note: ACD security replaces all standard file system security that may be in effect for that file or device.
c. If there is an ACD associated with the file and that ACD contains the $OWNER entry, you are restricted to the access permissions assigned to $OWNER. (Since you are the file owner, you can always modify the ACD if you need more access permissions than provided by the $OWNER entry.) If you are not the owner of the file, the system performs the check described in step 4. 4. Is there an ACD assigned to the file? If there is no ACD assigned to the file, the system performs the checking described in step 5.
Access modes. ACD pairs control the ability to access and change MPE files, hierarchical directories, and the files within them. MPE/iX has enhanced the ALTSEC command to support access to directories. The available ACD access modes are as follows:
Files and devices: R (read a file); W (write to a file); L (lock a file); A (append to a file); X (execute a file).
Directories: CD (create directory entries); DD (delete directory entries); RD (read directory entries); TD (traverse directory entries); RACD; NONE.
the ALTGROUP command to change save access permissions for MPE groups. The userspecs part of an ACD pair specifies one user or a group of users assigned the access modes specified in the modes part of the same pair. A user is specified as a fully qualified user name in the form username.accountname. For example, JOAN.FINANCE specifies the user JOAN in the account FINANCE. A wildcard character (@) can be used in place of the user name or both the user name and the account name to specify a group of users.
$GROUP_MASK matches the GID of the file, the user is granted the access permission assigned to $GROUP. Restricts all ACD entries except for $OWNER and @.@. In this case, if a user matches a user.account entry, $GROUP entry, or @.account entry, the matching entry is granted the access if it appears in both $GROUP and $GROUP_MASK. An ACD with a $GROUP_MASK entry must also have a $GROUP entry.
HFS Object deletion. To delete a file or subdirectory from a directory, you must have DD access to the directory. For files in MPE groups, you only need WRITE access to the file. For directories in MPE groups, you only need SAVE access to the MPE group. HFS File renaming. Any user with the proper access can rename a file. To rename a file, you must have both CD and DD access. DD is required to delete the old entry from the directory where the file resides, and CD is required to create the new directory entry.
Appropriate Privilege. Appropriate privilege means that the user has sufficient capabilities to perform an operation even if the user is not explicitly granted the necessary access. The user's capabilities grant the correct access to the directory or file. Appropriate privilege does not override file lockwords, privileged files, privileged file codes, or write-protected files.
Users with appropriate privilege still get X access to files with executable file codes. X is also used to grant STREAM access to JOB files. Users with appropriate privilege can still stream these files because they have R access to the files. User Identification. Users on MPE/iX are now identified by a user ID (UID). The UID is a string (in the form user.account) with a corresponding integer value. Each MPE account has a group ID (GID) associated with it.
CWD and File Security You can now change the current working directory (CWD) to any directory (including an MPE account, an MPE group, the root directory, or an HFS directory) as long as you have TD access to the directories in the path to the directory. This means that you can change your CWD to any MPE group on the system because all users have RD and TD access to the root directory, all accounts, and all groups, by default.
ACD examples. You assign ACDs using the ALTSEC command. In addition, files created in hierarchical directories and hierarchical directories themselves are automatically assigned ACDs. Following is an example of an ACD that could be assigned to a text file: NONE:JIM.DOE,@.ACCTING;R,W,X,L:@.PAYROLL;R:@.@ The ACD pairs in this example set up the following access controls on the text file: Deny JIM.DOE and all users in the ACCTING account access to the file.
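The following Python model, added here as an example and not HP code, parses an ACD in the ALTSEC form shown above and works out which modes a given user.account receives, including the $OWNER, $GROUP and $GROUP_MASK entries described earlier in this chapter. Three points are assumptions rather than statements from the manual: the most specific matching entry wins (user.account, then $GROUP, then @.account, then @.@), $OWNER applies only when the caller is the file's owner, and $GROUP_MASK is modelled as keeping only the modes that appear in both the matching entry and the mask; the owner and GID values are constructed.

```python
"""ACD evaluation model, written as an added example for this chapter (not HP
code).  It parses "modes:userspecs;modes:userspecs" ACD strings and decides
which access modes a USER.ACCOUNT receives.  Assumptions not stated by the
manual: the most specific matching entry wins (user.account, $GROUP,
@.account, @.@ in that order); $OWNER applies only to the file owner; and
$GROUP_MASK keeps only the modes present in both the matching entry and the
mask."""
from dataclasses import dataclass

FILE_MODES = {"R", "W", "L", "A", "X", "RACD"}
DIR_MODES = {"CD", "DD", "RD", "TD", "RACD"}


def parse_acd(acd):
    """Return {userspec: frozenset(modes)}.  NONE yields an empty mode set."""
    entries = {}
    for pair in acd.split(";"):
        if not pair.strip():
            continue
        modes_part, users_part = pair.split(":", 1)
        modes = {m.strip().upper() for m in modes_part.split(",")}
        modes.discard("NONE")
        unknown = modes - FILE_MODES - DIR_MODES
        if unknown:
            raise ValueError("unknown access mode(s): %s" % sorted(unknown))
        for spec in users_part.split(","):
            entries[spec.strip().upper()] = frozenset(modes)
    # The manual requires a $GROUP entry wherever $GROUP_MASK is used.
    if "$GROUP_MASK" in entries and "$GROUP" not in entries:
        raise ValueError("an ACD with $GROUP_MASK must also have a $GROUP entry")
    return entries


@dataclass
class AcdFile:
    owner: str    # fully qualified owner, e.g. "ANN.PAYROLL" (constructed)
    gid: str      # account whose GID the file carries, e.g. "PAYROLL"
    acd: str      # the ACD string as given to ALTSEC ;NEWACD=


def _rank(spec, user, account, gid):
    """Rank of a matching entry (lower is more specific); None if no match."""
    if spec == user + "." + account:
        return 0
    if spec == "$GROUP" and account == gid:
        return 1
    if spec == "@." + account:
        return 2
    if spec == "@.@":
        return 3
    return None


def effective_modes(f, userid):
    """Modes the file's ACD grants to userid (USER.ACCOUNT)."""
    userid = userid.upper()
    user, account = userid.split(".")
    entries = parse_acd(f.acd)
    # The owner is restricted to $OWNER whenever that entry exists.
    if userid == f.owner.upper() and "$OWNER" in entries:
        return entries["$OWNER"]
    best = None
    for spec, modes in entries.items():
        r = _rank(spec, user, account, f.gid.upper())
        if r is not None and (best is None or r < best[0]):
            best = (r, spec, modes)
    if best is None:
        return frozenset()        # no entry matches: no access at all
    _, spec, modes = best
    # $GROUP_MASK restricts every entry except $OWNER and @.@.
    if "$GROUP_MASK" in entries and spec != "@.@":
        modes = modes & entries["$GROUP_MASK"]
    return modes


def has_access(f, userid, mode):
    """True if the ACD grants the single mode (e.g. "W") to userid."""
    return mode.upper() in effective_modes(f, userid)


if __name__ == "__main__":
    text = AcdFile("ANN.PAYROLL", "PAYROLL",
                   "NONE:JIM.DOE,@.ACCTING;R,W,X,L:@.PAYROLL;R:@.@")
    for who in ("JIM.DOE", "BOB.ACCTING", "ANN.PAYROLL", "ZOE.SALES"):
        print(who, sorted(effective_modes(text, who)))
```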
The following sections describe tasks relating to system security such as listing ACDs, assigning ACDs, changing ACDs, and copying ACDs. Tasks Involving System Security. Listing ACDs. Use the -2 list file option of the LISTFILE or LISTF commands to list ACD information associated with a file. Any user on a system can use these commands to determine if a file has an ACD. In order to view the contents of an ACD, you must be either an owner of the file or a user granted RACD access to that file.
Listing ACDs for directories and files in directories. Because ACDs supersede other security mechanisms, it is useful to be able to determine whether or not an HFS directory or file has an ACD assigned to it and, if so, what it is. Any directories or files residing outside of traditional MPE groups are automatically assigned ACDs when they are created. You can list ACDs by using the LISTFILE command with the -2 (also called ACD) option.
listfile /OFFICE/GRP/assets,-2
PATH=/OFFICE/GRP/
------------ACD ENTRIES--------------  FILENAME
ZONIS.OFFICE : R
@.OFFICE     : R,W
@.@          : R,W,X                   assets
The next example shows how you can list the ACDs for all of the files in the GRP directory. It shows the ACDs on the file assets as in the previous example and lists the ACDs on the other two files in the directory.
listfile /OFFICE/GRP/@,-2
PATH=/OFFICE/GRP/
------------ACD ENTRIES------------  FILENAME
ZONIS.OFFICE @.OFFICE @.@ ZONIS.
Creating ACDs. Use the NEWACD option of the ALTSEC command to create an ACD and assign it to a file or device. You must be an owner of a file to create and assign an ACD to that file. Only a system manager can assign ACDs to logical devices, device names, and device classes. You can assign ACD pairs to the new ACD either from within the command line or by referencing a file that contains one or more ACD pairs. To create an ACD and assign it to the file PROGNAME, enter: ALTSEC PROGNAME;NEWACD=(X:@.@;W:@.
The file SUMMARY has an ACD (RACD:@.@). You want to grant read and write access to users in your account: :ALTSEC SUMMARY;ADDPAIR=(W,R:@.ACCT) Adding an ACD Pair. Use the ADDPAIR parameter of the ALTSEC command to add an ACD pair to an ACD. To add a new ACD pair that grants the user ENGR.LAB the access modes READ, WRITE, LOCK, APPEND, EXECUTE, and RACD to the file PROGNAME, enter: ALTSEC PROGNAME;ADDPAIR=(R,W,L,A,X,RACD:ENGR.
Deleting ACDs. Use the DELACD parameter of ALTSEC to delete an ACD assigned to a file or device. You must be an owner of a file in order to delete an ACD from that file. Only a system manager can delete ACDs from logical devices, device names, and device classes. To eliminate any ACD that may be in effect for device class LP, enter: ALTSEC LP,DEVCLASS;DELACD Deleting an ACD Pair. Use the DELPAIR parameter of the ALTSEC command to delete a user name from an ACD. All other user names are unaffected.
Copying ACDs. Use the COPYACD parameter of the ALTSEC command to copy an ACD from a source file to a target file or device. In order to copy an ACD, you must be an owner of the source file or a user granted RACD access to the source file. In addition, you must be an owner of the target file. To copy the ACD from the file PROGNAME to the file NEWFILE, enter: ALTSEC NEWFILE;COPYACD=PROGNAME Copying ACD Pairs. You can copy ACD pairs from one file to another or from one directory to another.
target file, removing all security restrictions in effect for the target file. When an ACD is removed from a file, standard file system security restrictions are imposed.
5 Protecting Files with File Access Restrictions and Lockwords. File System Security Features. Restricting File Access. The account structure contains two important, standard file system security features: file access restrictions, and lockwords. Associated with each account, group, and individual file is a list of file access restrictions. Access restrictions apply to disk files only.
Table 5-1. File Access Modes
READ (R): Allows users to read files.
LOCK (L): Permits a user to prevent concurrent access to a file. Specifically, it permits the use of the FLOCK and FUNLOCK intrinsics, and the exclusive-access option of the HPFOPEN and FOPEN intrinsics, all described in the MPE/iX Intrinsics Reference Manual (32650-90028).
Table 5-2. User Types
Any user (ANY): Any user defined in the system. This includes all categories defined below.
Account librarian user (AL): User with account librarian capability, who can manage files within the account, which may include more than one group.
Group librarian user (GL): User with group librarian capability, who can manage certain files within a home group only.
Creating user (CR): The user who created this file.
READ and EXECUTE access to any user and APPEND, WRITE, and LOCK access only to account users. These sample file security provisions have the following format: (R,X:ANY;A,W,L:AC) In this example, READ and EXECUTE access are permitted to any user. APPEND, WRITE, and LOCK access are permitted to account members only. Account-Level File Security. The system manager sets the access restrictions that apply to all files within a given account when creating the account.
Group-Level Security. The account manager sets the file access restrictions that apply to all files within a group when creating the group. They can be equal to or more restrictive than the provisions specified at the account level. The group's file access restrictions can also be less restrictive than those of the account; such provisions effectively equate the group restrictions with the account restrictions, because a user who fails a security check at the account level is denied access at that point.
File-Level Security

When you create a file, it has the default file-level security provisions assigned by MPE and the provisions assigned by the account and the group to which it belongs. Only the creator of a file may use the ACCESS= option of ALTSEC on a file. An Account Manager or System Manager can change the file-level security provisions with the ALTSEC command by adding an ACD or changing an ACD. All access modes and all user types apply at the file level.
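The three-level check described above (account, then group, then file, stopping at the first level that denies) can be modelled directly from the manual's (R,X:ANY;A,W,L:AC) notation. This is an added example, not HP code; the user types AC and GU and the modes A, W, X and S are taken from standard MPE usage rather than from the two excerpted tables, and the sample users, files and provisions are constructed.

```python
"""Model of the MPE/iX account/group/file access check driven by security
specifications written in the manual's (R,X:ANY;A,W,L:AC) notation.
Added example, not HP code. User types AC and GU and modes A, W, X, S are
assumed from standard MPE usage (only ANY, AL, GL, CR and R, L appear in
the excerpted tables)."""
from dataclasses import dataclass, field

ACCESS_MODES = {"R", "A", "W", "L", "X", "S"}
USER_TYPES = {"ANY", "AC", "GU", "AL", "GL", "CR"}


@dataclass
class User:
    name: str
    account: str
    home_group: str
    capabilities: set = field(default_factory=set)   # e.g. {"AL"} or {"GL"}


@dataclass
class MpeFile:
    name: str
    account: str
    group: str
    creator: str                                     # the CR user for this file


def parse_spec(spec: str) -> dict:
    """Parse "(R,X:ANY;A,W,L:AC)" into {mode: set of user types}.
    Error wording follows the CI messages listed in Appendix B."""
    spec = spec.strip()
    if not spec.startswith("("):
        raise ValueError('EXPECTED "(" TO START SECURITY SPECIFICATIONS')
    if not spec.endswith(")"):
        raise ValueError('EXPECTED ")" FOLLOWING THE SECURITY SPECIFICATIONS')
    granted = {}
    for clause in spec[1:-1].split(";"):
        modes, colon, users = clause.partition(":")
        if not colon:
            raise ValueError("EXPECTED COLON SEPARATING MODE LIST FROM USER LIST")
        mode_list = [m.strip().upper() for m in modes.split(",")]
        user_list = {u.strip().upper() for u in users.split(",")}
        if not set(mode_list) <= ACCESS_MODES or not user_list <= USER_TYPES:
            raise ValueError(f"bad mode or user type in clause {clause!r}")
        for m in mode_list:
            granted.setdefault(m, set()).update(user_list)
    return granted


def user_types_for(user: User, f: MpeFile) -> set:
    """Every user-type code this user satisfies with respect to file f."""
    types = {"ANY"}
    if user.account == f.account:
        types.add("AC")
        if user.home_group == f.group:
            types.add("GU")
        if "AL" in user.capabilities:            # librarian for the whole account
            types.add("AL")
        if "GL" in user.capabilities and user.home_group == f.group:
            types.add("GL")                      # librarian for the home group only
        if user.name == f.creator:
            types.add("CR")
    return types


def level_allows(spec: dict, mode: str, types: set) -> bool:
    return bool(spec.get(mode, set()) & types)


def check_access(user: User, f: MpeFile, mode: str,
                 account_spec: str, group_spec: str, file_spec: str):
    """Evaluate the account, group and file provisions in that order and stop
    at the first level that denies; this is why a group specification looser
    than the account's cannot widen access. Returns (allowed, level)."""
    types = user_types_for(user, f)
    for level, spec in (("account", account_spec),
                        ("group", group_spec),
                        ("file", file_spec)):
        if not level_allows(parse_spec(spec), mode.upper(), types):
            return False, level
    return True, "file"


if __name__ == "__main__":
    # Constructed sample: the manual's example provisions at the account
    # level, a looser group level, and a file writable only by its creator.
    acct = "(R,X:ANY;A,W,L:AC)"
    grp = "(R,W:ANY)"
    fil = "(R:ANY;W:CR)"
    report = MpeFile("REPORT", "PAYROLL", "PUB", "GEORGE")
    for u in (User("GEORGE", "PAYROLL", "PUB"), User("BORIS", "JONES", "PUB")):
        print(u.name, "W", check_access(u, report, "W", acct, grp, fil))
```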
Lockwords

Lockwords act as passwords for files, providing additional security beyond that provided by capabilities and file access restrictions. The creator of a file can assign a lockword with the FILE, BUILD, or RENAME command or with the FOPEN intrinsic. If a file has a lockword, you must supply it before you can access that file.
Releasing and Securing File Security

Sometimes other users need temporary access to your files. For example, individual members of a project team might keep their own records of the hours they worked on different aspects of the project. At the end of the month, the project manager compiles the individual reports into a team report. To compile the team report, the manager might copy the team members' time record files into a single file.
The ALTSEC command restricts access to specific files in a group to which access is normally not restricted. This command can only be used by the creator of the file. Refer to the MPE/iX Commands Reference Manual Volumes 1 and 2 (32650-90003 and 32650-90364) for further information about the ALTSEC, LISTFILE, LISTF, RELEASE, and SECURE commands.
6 Controlling Users' Special Abilities with Capabilities

Capabilities

A variety of people use HP 3000 Computer Systems. They range from those who use the system only to run simple application programs to system programmers who modify MPE/iX. The user who runs application programs, for example, needs only to be able to log on, run a particular program or set of programs, and log off. A system programmer, on the other hand, needs access to special system functions.
Listing Capabilities

Listing Capabilities Assigned to an Account

Three commands allow the system manager to list capabilities of accounts, groups, and users: LISTACCT, LISTGROUP, and LISTUSER. Use the LISTACCT command to check the capabilities of an account.
THE "PASS" OPTION REQUIRES AM OR SM CAPABILITIES (CIWARN 720)
******************
GROUP: ENGR.
Listing Capabilities Assigned to Users

Use the LISTUSER command to check the capabilities of a user. The default is all (@) users and accounts within the user's capabilities (AM or SM). For example, to review the capabilities of the user BORIS in the JONES account, enter:

LISTUSER BORIS;PASS

The screen displays:

********************
USER: BORIS.
Table 6-1.
Accounts and users may have all 21 of the capabilities, but groups and programs may only have BA, DS, IA, MR, PH, and PM.

Assigning Capabilities

To assign capabilities to accounts, groups, users, and programs, use the NEWACCT, NEWGROUP, and NEWUSER commands. For example, if you are the system manager or the account manager of the PAYROLL account, enter the following to assign capabilities to a new user named GEORGE:

NEWUSER GEORGE.
Capabilities Table

Table 6-3 lists MPE/iX capabilities and their standard abbreviations. It also shows the types of users that require each capability. Use the information in Table 6-3 to establish capabilities for your system.

Table 6-3.
Account Manager (AM)               An account manager manages all users and groups in that account. The system manager designates the initial manager for each account when creating the account. The account manager can, in turn, assign the attribute to other users in the account.
Batch Access (BA)                  This capability allows access to MPE/iX in a batch processing (job) mode.
Use Communications Software (CS)
Diagnostician (DI)
Network Administrator (NA)         This capability allows the use of NMMGR.PUB.SYS (the node management services configuration program) to configure NS and LAN and administer the resulting network.
Node Manager (NM)                  This capability allows the use of NMMGR.PUB.SYS (the node management services configuration program) to configure and manage nodes in a local area network (LAN).
Use Nonshareable Devices (ND)
Use Mountable Volume Sets (UV)
Privileged Mode (PM)               Caution
Process Handling (PH)
Programmatic Sessions (PS)         This capability permits the use of the STARTSESS command and STARTSESS intrinsic. You can assign this capability to any MPE/iX user. Usually applications programmers use it when creating turnkey systems.
Save User Files Permanently (SF)
System Manager (SM)
System Supervisor (OP)
7 Auditing System Use

This chapter describes methods for creating audit trails, by which system usage can be determined. Well-defined audit trails tell you:

Who is and who has been using the system.
When.
For how long.
Which files were accessed.
Which commands and system facilities were used.

MPE/iX provides you with three separate logging facilities: system logging, memory logging, and user logging. Each operates separately and has no effect on the others.
Process initiation.
Security configuration changes.*
ACD creation and modification.
Printer access refusals.
System logging configuration.
Restore.
System shutdown.
Logging errors.
System startup.
Power failures.
Spool file completions.
Physical volume mounts/dismounts.
Logical volume mounts/dismounts.
Tape label reads.
System console activity.

Items marked with an asterisk (*) are provided in the HP Security Monitor/iX.
Using System Logging

System logging records the use of certain resources by accounts, groups, and users. Like the administrative functions, system logging can be used for billing purposes or for obtaining an overview of system use. System logging is also used to detect security attacks or breaches after the fact. Unlike these administrative functions, system logging describes system use by creating a running log of events, correlated with the job or session that caused each event.
sysgen>LOG

** LOG configurator commands **

show (sh)      slog (sl)      ulog (ul)      clear (cl)(c)
exit (ex)(e)   help (he)(h)   oclose (oc)    hold (ho)
redo

log>

Example 6-1. Activating the LOG Configurator

Using the LOG Configurator Help Facility

The help facility enables you to quickly identify the function and syntax of those LOG configurator commands and options for performing the multiple operations that define or change logging processes.
log>HELP ALL

command (abb)   parameter=value
-------------   ---------------
show (sh)       [command = SLOG|ULOG|ALL] [dest = OFFLINE]
slog (sl)       [on = event#,...] [off = event#,...]
ulog            [nlogprocs = number processes allowed] [usersperproc = users per logging process]

log>

Example 6-3.
Showing Current LOG Values

The SHOW command displays the LOG values as currently set. SHOW has the following parameters:

SHOW [COMMAND = SLOG|ULOG|ALL] [DEST = OFFLINE]

SLOG lists the state of the system logging events.
ULOG lists the number of user logging processes and users per logging process currently configured.
ALL lists all the information associated with the LOG configurator.
OFFLINE redirects the output of the SHOW command to the SYSGEN listing file, SYSGLIST.
Enable the logging of an event by entering SLOG event#, ...:

log>SLOG 100
(Event 100 enabled)

or

log>SLOG ON=100
(Event 100 enabled)

Disable the logging of an event by entering SLOG OFF=event#, ...:

log>SLOG OFF=100
(Event 100 disabled)

Entering SLOG without ON enables logging. Entering SLOG without an event number causes an error:

log>SLOG
(error - no parameters are specified)

Logging event 100 is a special case. If 100 is off, no logging (except that forced on by MPE/iX) takes place.
or

log>ULOG USERSPERPROC=40
** Number of Users per Process **

Clearing Log Configuration Changes

If you want to clear all LOG configuration changes made, enter the CLEAR command at the LOG configurator prompt:

log>CLEAR

Once a SYSGEN> KEEP is done, the changes kept become permanent and CLEAR does not remove them.
Printing a Log File

To analyze your logs and to read what you are logging, you must print your log files. To do this, use the LOGTOOL utility program. The LOGTOOL utility runs under the online diagnostic system, and can be invoked by entering SYSDIAG. When the diagnostic user interface prompt (DUI>) appears, enter RUN LOGTOOL. In order to print a log, issue the following:

1. :SYSDIAG
2. DUI>RUN LOGTOOL
3. LOGTOOL>LIST LOG=log# OUTFILE=LP
4. LOGTOOL>EXIT
5.
Accessing Log Files from Programs

Creating and naming log files

The following sections include information that you need to access log files programmatically. When system logging is first enabled, MPE/iX creates and opens the first log file and begins recording events as they occur. When this log file is full, or when the system is shut down and restarted, MPE/iX creates and opens a new log file. Log file names always take the form LOGxxxx.PUB.SYS, where xxxx is the log file number, ranging from 0000 to 9999.
Log file structure

All log files are created as files containing variable-length records. They should always be treated as files containing variable-length records, accessed sequentially. For a log file, the end-of-file pointer can point at the last record (block) written to the file (if the file is closed normally), or at any point beyond the last record written (if the file has not been closed). In the latter case, all space following the last record is padded with zeros.
Console messages for log files

Log file status and error messages are reported to the system console. They conform to the format hh/mm/PIN/message, where:

hh       = the hour of the day
mm       = the minute of the hour
PIN      = the process identification number
message  = the message text

The log file status message text may consist of any of the following:

LOG FILE NUMBER xxxx ON indicates that a new log file has been created. This message always appears prior to the welcome message after a restart.
Table 7-1. Log File Errors

Error #   LOGTOOL Error                                            Recover?
1         Input/output error in accessing the system disk.         No
2         Input/output error in accessing disk log file.           No
21        Data parity error.                                       No
26        Transmission error.                                      No
27        Input/output timeout.                                    No
28        Data overrun.                                            No
29        SIO failure.                                             No
30        Unit failure.                                            No
46        Insufficient disk space to create log file.              Yes
47        Input/output error on file label.                        No
57        Virtual memory not sufficient.                           No
61        Group (PUB) disk space exceeded in creating log file.
Using the LOGTOOL Utility

To invoke LOGTOOL enter:

SYSDIAG
DUI > RUN LOGTOOL

For detailed information on any command enter HELP followed by the command. For example:

LOGTOOL> HELP LIST

The following is a sample of commands you would use to display data from a set of system log files.

1. Log on as MANAGER.SYS or with SM, OP or DI capability.
2. List the names of log files currently on your system (before invoking LOGTOOL):
   LISTFILE LOG@.PUB.SYS
3. Invoke LOGTOOL:
   SYSDIAG
   DUI > RUN LOGTOOL
4.
SYSDIAG>LIST LOG=9/14,17,20,22;OUTFILE=MYFILE;TYPE=111,146

The output file to which the analysis will be written in this example is MYFILE. You may choose any name but it must begin with an alphabetic character. Please remember that the output file will be written to the DIAG group of the SYS account. You may use any HP3000 text editor to examine the output file. You may also copy it with the COPY command or the FCOPY utility.

8.
Table 7-2. LOGTOOL Commands

Name        Category   Description
DISPLAYLOG  (SLF)      Displays I/O entries as information is logged.
EXIT        (MC)       Exits LOGTOOL and returns user to DUI.
HELP        (MC)       Gives help on running LOGTOOL.
LAYOUT      (SLF)      Reads in a layout file.
LIST        (SLF)      Lists contents of a system log file.
MEMCLR      (MLF)      Clears the memory logging process log files.
MEMRPT      (MLF)      Displays the contents of the memory log file.
MEMTIMER    (MLF)      Alters the timer value of the memory error logging process.
Logging Formats

MPE/iX writes log records to records in a log file. The log records can be accessed and displayed by using the system log analysis utility (LOGTOOL) or through a user-supplied analysis program. There are two types of log files used to record system information. There is the original 100 series format and a newer 200 series format which has been adopted to accommodate POSIX specifications.
console log
program file event
new commercial spooling
password changes
system logging configuration
RESTORE logging
printer access failure
ACD changes
stream initiation
user logging
process creation
CHGROUP logging
FOPEN logging

Format 2## system log record header

Format 2## log records have the information normally contained within the audit trailer incorporated into the main event record.

Table 7-5.
which records will be logged). The logging configuration can be altered using the SYSGEN utility.
Table 7-6.
System Log Record Formats

The rest of this chapter includes the format of the log records. Notes following the log records describe the significant fields in the records.

Log failure record, type 100

Table 7-7.
System up record, type 101

Table 7-8. System Up Record Format

Length, in 16-bit Words   Record Content
1                         Record type (101)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
4                         Version ID (v.uu.ff)/Last 8 bits unused
2                         Maximum number of concurrent jobs and sessions
2                         Boot code
16                        Boot device
16                        Configuration group used for boot
2                         NL checksum
2                         Config checksum
2                         SL checksum
128                       Operating system nonvolatile storage

NOTES:
Boot code: 0 = Start with recovery.
Operating system nonvolatile storage contains the following:

Table 7-9. ISL Data for Last Boot (128 bytes)

Reserved                            36 bytes
Boot path                           32 bytes
ISL revision                        4 bytes
Time stamp (# seconds since 1970)   4 bytes
LIF utility entries entered         48 bytes
Pointer to last utility             1 byte
Word alignment                      3 bytes

Table 7-10.
Job initiation record, type 102 Table 7-11.
Job termination record, type 103 Table 7-12.
Process termination record, type 104

Table 7-13. Process Termination Record Format

Length, in 16-bit Words   Record Content
1                         Record type (104)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
2                         CPU time in milliseconds
2                         Native mode stack size in bytes
2                         Native mode heap size in bytes
1                         CM max stack in 16-bit words
1                         Termination type
8                         Reserved

NOTES:
Termination types:
0 = Normal
1 = Dependency (This process depends upon a terminated process.
NM File close record, type 105 Table 7-14.
Table 7-15. Record Type 205

Length, in 16-bit Words   Record Content
1                         Record type 205
1                         Event version
1                         Record length
1                         PIN
2                         Job type/Job number
2                         Time stamp time
1                         Time stamp date
1                         Login type (if 1, logon name is in the format 16-byte user 16-byte acct)
18                        Logon name
8                         Job/session name
4                         Reserved
4                         # logical reads
4                         # bytes read
4                         # logical writes
4                         # bytes written
8                         Creator user name (from label: user.
Unique file identifier (UFID)
Internal file identifier. Internal data structure that uniquely identifies a file. This entity is printed in hex.

Disposition field

Close Disposition (bits 13:3)
0  No change.
1  Save permanent.
2  Save temporary - rewound.
3  Save temp - not rewound.
4  Delete.
5  Make temporary.

Open Domain
0  New file.
1  Old permanent file.
2  Old temporary file.
3  Old job or sys.

Disk Space Disposition (bits 11:2)
0 1 2 Do not return disk space allocated beyond EOF.
Shutdown record, type 106 Table 7-16.
I/O error record, type 111 Table 7-17.
NOTES:
Hardware product number is the number of the device; for example, 7935.
Physical path description is the hardware path to the device; for example, 2/4.0.1 (2 = bus, 4 = channel, 0 = device adapter, and 1 = device). It is hardware dependent.
Logical device name is the LDEV number.
Device class identifier identifies the type of device, such as disk, tape drive, or printer.
Physical mount/dismount record, type 112 Table 7-18.
Logical mount/dismount record, type 113 Table 7-19.
Tape labels record, type 114

Table 7-20.
Length, in 16-bit Words: 1 1 1 3 2 1 1 1 1 1 9 4 3 3 1
Console log record, type 115

Table 7-21. Console Log Record Format

Length, in 16-bit Words   Record Content
1                         Record type (115)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
1                         Byte length of console line*
Up to 140                 Console input or output line

* If length is less than zero, console message is input. If length is greater than zero, console message is output.
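A user-supplied analysis program, as the chapter mentions, has to walk the common header (record type, record length, PIN, 3-word time stamp, 2-word job type/job number shared by the type 101, 104 and 115 layouts above) and then decode the type-specific body. The decoder below is an added example, not LOGTOOL; it assumes big-endian 16-bit words, that the record length counts words including the header, that the two-word counters are high word first, that job type and job number occupy one word each, and it leaves the time stamp raw. The log image it parses is constructed.

```python
"""Decoder for MPE/iX system log records using the layouts tabulated in this
chapter: the common header, the type 104 process termination body and the
type 115 console line with its signed byte length.
Added example, not HP code. Assumptions: big-endian 16-bit words; record
length counts words including the header; 2-word counters are high word
first; job type and job number are one word each; time stamp kept raw."""
import struct

HEADER_FMT = ">HHH3H2H"          # type, length, PIN, time stamp[3], job[2]
HEADER_WORDS = 8
TERMINATION_TYPES = {0: "Normal", 1: "Dependency"}


def build_record(rec_type: int, pin: int, body: bytes,
                 timestamp=(0, 0, 0), job=(0, 0)) -> bytes:
    """Frame a body with the common header (used to construct sample input)."""
    if len(body) % 2:
        body += b"\0"                         # pad to a whole 16-bit word
    length = HEADER_WORDS + len(body) // 2
    return struct.pack(HEADER_FMT, rec_type, length, pin, *timestamp, *job) + body


def parse_header(buf: bytes, off: int) -> dict:
    rec_type, length, pin, t0, t1, t2, jt, jn = struct.unpack_from(HEADER_FMT, buf, off)
    return {"type": rec_type, "length_words": length, "pin": pin,
            "timestamp": (t0, t1, t2), "job_type": jt, "job_number": jn}


def parse_104(body: bytes) -> dict:
    """CPU ms (2 words), NM stack (2), NM heap (2), CM max stack (1),
    termination type (1), reserved (8)."""
    cpu, stack, heap, cm_stack, term = struct.unpack_from(">IIIHH", body, 0)
    return {"cpu_ms": cpu, "nm_stack_bytes": stack, "nm_heap_bytes": heap,
            "cm_max_stack_words": cm_stack,
            "termination": TERMINATION_TYPES.get(term, f"type {term}")}


def parse_115(body: bytes) -> dict:
    """Signed byte length: < 0 means console input, > 0 console output."""
    (signed_len,) = struct.unpack_from(">h", body, 0)
    n = abs(signed_len)
    if n > 280:                               # at most 140 words of text
        raise ValueError("console line longer than 140 words")
    text = body[2:2 + n].decode("ascii", errors="replace")
    return {"direction": "input" if signed_len < 0 else "output", "line": text}


BODY_PARSERS = {104: parse_104, 115: parse_115}


def parse_log(buf: bytes) -> list:
    """Walk a log file image sequentially; a zero record type is taken as the
    zero padding that follows the last record of a file not closed normally."""
    records, off = [], 0
    while off + HEADER_WORDS * 2 <= len(buf):
        hdr = parse_header(buf, off)
        if hdr["type"] == 0:
            break
        end = off + hdr["length_words"] * 2
        body = buf[off + HEADER_WORDS * 2:end]
        hdr["body"] = BODY_PARSERS.get(hdr["type"], lambda b: {"raw": b})(body)
        records.append(hdr)
        off = end
    return records


def sample_log() -> bytes:
    """Constructed sample image: one process termination, one console input
    line, one console output line, then zero padding."""
    t104 = struct.pack(">IIIHH", 1250, 65536, 16384, 1000, 0) + bytes(16)
    inp = b"LISTUSER BORIS;PASS"
    out = b'THE "PASS" OPTION REQUIRES AM OR SM CAPABILITIES (CIWARN 720)'
    return (build_record(104, 23, t104, job=(1, 42))
            + build_record(115, 7, struct.pack(">h", -len(inp)) + inp)
            + build_record(115, 7, struct.pack(">h", len(out)) + out)
            + bytes(32))


if __name__ == "__main__":
    for rec in parse_log(sample_log()):
        print(rec["type"], rec["pin"], rec["body"])
```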
Program file event record, type 116 Table 7-22.
NMS spoolfile done log record, type 120 (input) Table 7-23.
NMS spoolfile done log record, type 120 (output) Table 7-24.
NOTES: Input spool file done log records are generated for every spool file that is generated. One output spool file done log record is generated and added to the log records for every file copy (or partial file copy) that is printed.
Processor launch information log record, type 131

Table 7-25. Processor Launch Information Log Record Format

Length, in 16-bit Words   Record Content
1                         Record type (131)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
8                         Processor id
8                         Hard physical address
8                         Launch status

NOTES:
Each processor (except the one that is used to launch the system) logs a processor launch information record.
Processor id identifies the type of processor.
Password changes log record, type 134 Table 7-26.
System logging configuration record, type 135 Table 7-27.
Restore log record, type 136 Table 7-28.
Restore log record, type 236

The type 236 record has a "maximum path exceeded" flag. The type 236 record is only used by native mode RESTORE since compatibility mode RESTORE uses only MPE name syntax. Compatibility mode RESTORE continues to use the type 136 record. Table 7-29 illustrates the 236 record type.

Table 7-29.
Printer access failure log record, type 137 Table 7-30.
ACD changes log record, type 138 Table 7-31.
Type 238

The format of the ACD record has been modified to handle variable-length file names and hierarchical pathnames. The target object name and the source object name fields are variable in length to handle files with expanded names. Table 7-32 illustrates the format of the type 238 record.

Table 7-32.
Job stream initiation log record, type 139 Table 7-33.
User logging record, type 140

Table 7-34. User Logging Record Format

Length, in 16-bit words   Record Content
1                         Record type (140)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
25                        Program file name
4                         Intrinsic
2                         Index
4                         LOG ID*
1                         Mode
1                         Status
8                         User name
8                         Group name
8                         Account name
8                         Job/session name

* The LOG ID field in the log record contains "XXXXXX" for the CLOSELOG intrinsic when the index is bad.
Process creation log record, type 141 Table 7-35.
Internal Data Structure, type 242

The data structure of log record type 242 for Security Configuration Changes is as follows:

Table 7-36.
File open record, type 144* Table 7-37.
Table 7-38.
The file open record is only logged when an error is detected during FOPEN; therefore, the values in the record are not always valid. Specifically, values in the File Limit and Object Size fields are only valid after an error is detected during FOPEN.

Configurable Command Logging

Through the Security Configuration Utility, system managers can specify which MPE commands, when executed, are to be logged by the system logging facility. Log record type 245 will be used to log command execution and its status.
Maintenance Request Record Format, type 146 Table 7-40.
Diagnostic information records, type 150 Table 7-41.
Diagnostic system information record, type 150

Table 7-42. Diagnostic System Information Record Format

Length, in 16-bit Words   Record Content
1                         Record type (150)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
2                         Type number
Up to 128                 Diagnostic system messages or status information

NOTES:
There are two different formats for type 150 diagnostic information records: one is the auto-diagnostic record format and the other is the diagnostic system information record format.
High-priority machine check, type 151 Table 7-43.
NOTES: Fields starting with GR0 to the end of the record contain processor internal memory (PIM). Record type 151 contains HPMC PIM and record type 152 contains LPMC. The first PIM fields contain information from the registers (such as general registers, GR0-31, and control registers, CR0-31). The length of the last PIM field (system-dependent portion of PIM) is hardware dependent. However, the total length of a logging record is restricted to 2KB. Refer to the appropriate hardware manuals for more information.
Detected by word

Bits   Definition
0:1    Instruction fetch
1:1    Load
2:1    Load and clear
3:1    Store
4:1    Flush I-cache
5:1    Flush D-cache
6:1    Purge D-cache
7:1    Copyout of dirty cache line
8:1    Instruction prefetch
9:1    Data prefetch
10:1   Remote cache consistency check
11:1   Local purge TLB
12:1   Remote purge TLB
13:1   Probe read access
14:1   Probe write access
15:1   Coprocessor operation
16:1   SFU operation
17:1   Insert I or D TLB protection or access

Cache check word

Bits   Definition
0:1    I-cache check
1:1    D-cache ch
2:1
3:1
Assists check word

Bits   Definition
0:1    Coprocessor check
1:1    SFU check
2:1    Assist ID valid

Processor check word

All fields of this word are currently reserved.

Assist ID word

The 3-bit unit ID field of the failing SFU or coprocessor is stored right-justified in bits 29:3 of the assist ID word.
Low-priority machine check, type 152 Table 7-44.
NOTES: The fields in this record are the same as the corresponding fields in the high-priority machine check record (type 151). See the notes following that record.
CM file close record, type 160

Table 7-45. CM File Close Record Format

Length, in 16-bit Words   Record Content
1                         Record type (160)
1                         Record length
1                         Process identification number
3                         Time stamp
2                         Job type/job number
13                        File name - format of fname.group.
1
1
2
1
2
2
1
8 Using the Security Configurator (SECCONF)

This chapter describes the Security Configurator (SECCONF), a tool used to configure the security features provided by the HP Security Monitor.

Overview

The Security Configuration Utility, SECCONF.PUB.SYS, is a program that can be run by a user with SM capability and logged on to the SYS account. SECCONF is used to establish or modify system global security information. It creates/updates the file SECDATA.PUB.
Global Security Options

If the user selects the "Global Security Options" in the main menu, the "Global Security Options" menu will be displayed.

GLOBAL SECURITY OPTIONS
0. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14.
2. Minimum Length for Passwords

This option produces the following screen:

This function allows the user to specify the value for the minimum password length. This value is applicable to USER, ACCOUNT, GROUP and device passwords (but not lockwords).

Minimum password length currently is: 0
Please enter your choice (0-8):

3.
4. Mandatory Password Prompt

This option produces the following screen:

You have just selected the function to specify whether password prompts are mandatory for interactive logons. When this option is ON, MPE will not accept logon commands with embedded passwords, such as :HELLO USER/UPASS.ACCT/APASS

Mandatory Password Prompt is currently OFF (i.e. embedded passwords OK).
Please specify your new choice (ON/OFF):ON
Mandatory Password Prompt is now ON.
You have just selected the function to specify the logon message option. Your choice is between using existing MPE friendly messages, or the generic, no-hint logon interface, which only says * INVALID * when a logon error exists.

Generic Logon Message is currently OFF.
7. UDC Failure Termination Option

This option produces the following screen:

You have just selected the function to specify whether a job/session is to be terminated if the initiation of UDC at logon time fails for any reason. When this option is ON, it prevents users from bypassing your system logon UDC.

UDC Failure Termination is currently OFF (disabled).
Please specify your new choice (ON/OFF):

8.
(1.) Global User Password Expiration Date.

This option produces the following screen:

The Global Password Expiration function allows you to activate automatic password expiration for all users who are required to have a password. When this option is enabled, MPE will expire all the REQUIRED user passwords on the (same) global expiration date. To enable this function, you specify the number of days between expirations.
(2.) Global User Password Maximum Lifetime.

This option produces the following screen:

This option sets the maximum lifetime for a user password. This value can range from 1 to 365 days, or optionally 0 for no password expiration.
(3.) Global User Password Minimum Time.

This option produces the following screen:

This option sets the minimum time after setting a password before the password can be changed. This value can range from 1 to 364 days, or optionally 0 for no minimum password time.

The global user minimum lifetime currently is: 0
Please enter your choice (0-364 days):5
The global user password minimum time is now: 5

(4.) Global User Password Warning Time.
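The three aging values above (maximum lifetime 1-365 days or 0, minimum time 1-364 days or 0, and the warning time) interact when a logon is evaluated. The evaluator below is an added example, not SECCONF or MPE code; it assumes that the warning time is the number of days before expiry at which warnings start, that an already expired password may be changed regardless of the minimum time, and that the minimum and warning times must be shorter than the maximum lifetime. The dates it is tested with are constructed.

```python
"""Evaluator for the global user password aging values set through SECCONF:
maximum lifetime (0-365, 0 = never expires), minimum time before a change
(0-364, 0 = none) and warning time. Added example, not HP code. Assumed:
warning time = days of advance warning before expiry; an expired password
may always be changed; minimum and warning times are shorter than the
maximum lifetime."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class PasswordAging:
    max_lifetime_days: int      # 0-365, 0 = no expiration
    min_time_days: int          # 0-364, 0 = no minimum
    warning_days: int           # assumed semantics: days of advance warning

    def __post_init__(self):
        # Range checks mirror the SECCONF prompts (0-365 and 0-364 days).
        if not 0 <= self.max_lifetime_days <= 365:
            raise ValueError("maximum lifetime must be 0 or 1-365 days")
        if not 0 <= self.min_time_days <= 364:
            raise ValueError("minimum time must be 0 or 1-364 days")
        if self.warning_days < 0:
            raise ValueError("warning time cannot be negative")
        # Cross-field constraints are an assumption of this example.
        if self.max_lifetime_days and self.min_time_days >= self.max_lifetime_days:
            raise ValueError("minimum time must be shorter than maximum lifetime")
        if self.max_lifetime_days and self.warning_days >= self.max_lifetime_days:
            raise ValueError("warning time must be shorter than maximum lifetime")


def expiry_date(policy: PasswordAging, last_set: date):
    """Date the password expires, or None when it never expires."""
    if policy.max_lifetime_days == 0:
        return None
    return last_set + timedelta(days=policy.max_lifetime_days)


def password_state(policy: PasswordAging, last_set: date, today: date) -> str:
    """'expired', 'warning' or 'valid' for a password last set on last_set."""
    expires = expiry_date(policy, last_set)
    if expires is None:
        return "valid"
    if today >= expires:
        return "expired"
    if policy.warning_days and today >= expires - timedelta(days=policy.warning_days):
        return "warning"
    return "valid"


def change_allowed(policy: PasswordAging, last_set: date, today: date) -> bool:
    """Minimum time blocks early changes unless the password has expired."""
    if password_state(policy, last_set, today) == "expired":
        return True
    return today >= last_set + timedelta(days=policy.min_time_days)


def days_until_expiry(policy: PasswordAging, last_set: date, today: date):
    expires = expiry_date(policy, last_set)
    return None if expires is None else (expires - today).days


if __name__ == "__main__":
    policy = PasswordAging(max_lifetime_days=30, min_time_days=5, warning_days=7)
    set_on = date(1994, 4, 1)                      # constructed sample date
    for age in (3, 5, 23, 30):
        today = set_on + timedelta(days=age)
        print(age, password_state(policy, set_on, today),
              change_allowed(policy, set_on, today))
```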
10. Batch Submission Security Options

The Batch Submission Security Options can be configured with the Global Security Option menu, by selecting item 10. From the Batch Submission Security menu, the security administrator will be able to select various options. When you select the Batch Submission Security Options from the Global Security Options menu, the following screen is displayed:

BATCH SUBMISSION SECURITY
0. 1. 2. 3.
Cross Streaming Restriction Option.

This option produces the following screen:

You have just selected the function to configure whether streaming of other people's jobs is allowable. When this option is ON, a person will not be allowed to stream another person's job, unless specifically authorized.

Cross Streaming Restriction is currently OFF (i.e., cross stream allowed).
Please specify your new choice (ON/OFF):ON
Cross Streaming Restriction is now ON (Enabled).
Stream Privileges Option.

This option produces the following screen:

You have just selected the function to configure whether SM, AM and a job owner are allowed to stream jobs without the need for passwords.

Stream Privilege is currently OFF (disabled).
12. Maximum Protection Option

This option produces the following screen:

You have just selected the function to configure whether a NEWLY created object is going to be maximally protected. When this option is ON, MPE will configure the CREATOR of the object to be the only user who can access the object if no ACD is attached to that object.

Maximum Protection is currently OFF
Please specify your new choice (ON/OFF):

13.
14. Set All Options To Maximum Protection

This option produces the following screen:

This function allows you to set the maximum protection for all of the Global Security Options. Use the LIST command to verify the selections are acceptable.

Do you want to set all Global Security Options to maximum protection (YES/NO):YES
Maximum protection has been set to maximum.
Device Password Configuration

For the "Device Password Configuration" selection, the program will let the user enter the device number and password for that device. Multiple groups of classes or LDEVs can be entered on one line, separated by a comma, providing the line does not exceed 72 characters. The same password will be assigned to all LDEVs or device classes on that line. LDEVs and device classes cannot be mixed on the same line.
Commands Logging and Access

For the "Commands Logging and Access" category, the following display will appear:

COMMANDS LOGGING & ACCESS
0. Exit to Main Menu
1. Configure Logging & Disabling
2.
Configure Logging & Disabling

This option produces the following display:

Following the "Command >" prompt, please enter the MPE COMMAND that you want to log or disable access. Once the command is verified to be a valid command, you will be asked for the logging and access options for that command. To terminate your input, enter "//" or a carriage return in response to the "command>" prompt. If you want a list of all commands that are currently configured in the security table, enter "@".
Set Programmatic Access Level

This option produces the following screen:

Since Command disabling may affect the functioning of your present programs and subsystems, you may want to set the Programmatic Access to WARNING level first. At warning level, a command, when executed programmatically, will only cause the command to be logged via the Command Logging facility and a message to be sent to $STDLIST.
You have selected the choice to enable a disabled user ID. The prompt will be repeated until you enter a (user.account) name or end your input with a "//" or carriage return.

Enter the user ID to enable (user.account):mgr.test
Enable mgr.test (YES/NO):YES
User mgr.test has been enabled

2. Enable User Password

This option will allow a system manager to set an invalid user password to the expired state. An invalid user password is one that went beyond the expiration time.
You have selected the choice to set the user password aging values.

Enter the user ID to set (name.account): mgr.test
Set the age values for MGR.
SECCONF v.uu.ff (C) HEWLETT-PACKARD CO., 1986, 1991

GLOBAL SECURITY OPTIONS
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13.
Users can also run SECCONF with the LIST entry point to obtain security configuration information. At the MPE/iX command prompt, enter:

:RUN SECCONF.PUB.SYS ; INFO = 'LIST'

Output similar to the one described on the previous page will be displayed on the user terminal.

Reset Security Configuration

This option produces a display that allows users to reset all or part of the current security configuration:

SECCONF v.uu.ff (C) HEWLETT-PACKARD CO., 1986, 1992

RESET MENU
0. 1. 2. 3. 4. 5. 6.
Soft Reset - Reset Command Options

This option will reset or turn off all of the features associated with the Commands Logging and Access Menu. All commands will be re-enabled and all command logging will be turned off. In addition, the warning level option will be reset to the non-warning state.

Soft Reset - Reset Device Passwords

This option will reset or turn off all of the features associated with the Device Password Configuration menu. All device passwords will be reset to blanks.
A The Security Maintenance Checklist

This checklist is provided to assist FOS security users in reviewing account and system security.

1. Do all accounts have passwords?
2. Have all default passwords been changed?
3. Are there procedures to ensure quarterly system password changes?
4. Are passwords changed when employees leave the organization?
5. Do special capability users (PM, SM, OP, AM, NM, and NA) have user passwords?
6.
B Error Messages

General Error Messages

The first section of this appendix describes error messages returned by the CI (Command Interpreter) that relate to general security and account structure functions. Possible causes and suggestions for recovery are provided. The second section of this appendix describes ACD related error messages.

Table B-1.
Table B-1. Error Messages (continued)

500 501 502 503 504 505

MESSAGE  EXPECTED "(" TO START SECURITY SPECIFICATIONS
CAUSE    The left parenthesis was not included at the beginning of the security specifications.
ACTION   Include the left parenthesis on the command line.

MESSAGE  EXPECTED a ")" following the SECURITY SPECIFICATIONS
CAUSE    The right parenthesis was not included at the end of the security specifications.
ACTION   Include the right parenthesis on the command line.
Table B-1. Error Messages (continued)

506 507 508 509 510 511

MESSAGE  IGNORED. SAVE ACCESS NOT ALLOWED AT ACCOUNT LEVEL
CAUSE    You cannot specify SAVE access at the account level.
ACTION   This message is informational only.

MESSAGE  EXPECTED "Colon" SEPARATING MODE LIST FROM USER LIST
CAUSE    You did not include a colon (:) between the mode list and the user list.
ACTION   Include a colon (:) on the command line.
Table B-1. Error Messages (continued)

512 513 514 515 516 517

MESSAGE  THIS USER TYPE NOT ALLOWED AT ACCOUNT LEVEL
CAUSE    You specified a user type that is not allowed at the account level.
ACTION   This message is informational only.

MESSAGE  READ ACCESS FOR THIS USER TYPE REDUNDANTLY SPECIFIED
CAUSE    You specified read access more than once on the same command line.
ACTION   This message is informational only.
Table B-1. Error Messages (continued)
Error numbers: 518, 519, 530, 531, 532, 534

MESSAGE: SAVE ACCESS FOR THIS USER TYPE REDUNDANTLY SPECIFIED
CAUSE: You specified save access more than once on the same command line.
ACTION: This message is informational only.

MESSAGE: THIS ACCESS MODE REDUNDANTLY SPECIFIED ON THIS ACCESS LIST
CAUSE: One of the access modes that you specified was repeated in the access list.
ACTION: This message is informational only.
Table B-1. Error Messages (continued)
Error numbers: 535, 540, 541, 542, 544, 550

MESSAGE: MISSING DELIMITER AFTER FILE NAME
CAUSE: You did not include a delimiter after the file name.
ACTION: Include a delimiter (semicolon, comma, period, or space) after the file name. See the MPE XL Commands Reference Manual (32650-90003) for the correct syntax.

MESSAGE: FIRST CHARACTER IN GROUP NAME NOT ALPHABETIC
CAUSE: The first character of your group name is nonalphabetic. You probably mistyped the group name.
Table B-1. Error Messages (continued)
Error numbers: 551, 552, 554, 590, 591, 592

MESSAGE: ACCOUNT NAME MISSING
CAUSE: You did not include an account name on the command line.
ACTION: Specify an account name on the command line.

MESSAGE: ACCOUNT NAME is more than eight CHARACTERS LONG
CAUSE: The account name that you specified is greater than eight characters. Account names can only be eight characters or fewer in length. You probably mistyped the account name.
ACTION: Retype the command.
Table B-1. Error Messages (continued)
Error numbers: 594, 730, 731, 732, 733, 734

MESSAGE: EMBEDDED NON-ALPHANUMERIC CHARACTER IN USER NAME
CAUSE: User names can consist of both alphabetic and numeric characters. One of the characters in the user name that you specified is neither alphabetic nor numeric. You probably mistyped the user name.
ACTION: Retype the command.

MESSAGE: ALTACCT CAN HANDLE A MAXIMUM OF 71 PARAMETERS
CAUSE: You have specified too many parameters on the command line.
Table B-1. Error Messages (continued)
Error numbers: 735, 736, 737, 738, 739

MESSAGE: NEWUSER CAN HANDLE A MAXIMUM OF 71 PARAMETERS
CAUSE: You have specified too many parameters on the command line.
ACTION: Consult the MPE XL Commands Reference Manual (32650-90003) for acceptable parameters.

MESSAGE: EXPECTED COMMA AFTER ACCOUNT NAME, BEFORE MANAGER'S NAME
CAUSE: You failed to include a comma between the account name and the manager's name.
ACTION: Include a comma between the account name and the manager's name.
Table B-1. Error Messages (continued)
Error numbers: 740, 741, 742, 743, 744

MESSAGE: UNIDENTIFIABLE PARAMETER.
CAUSE: The command that you issued does not recognize one of the parameters. It might be that you did not include a delimiter (semicolon, comma, period, or space) between parameters.
ACTION: Check the MPE XL Commands Reference Manual (32650-90003) and make sure that you did not omit a delimiter. If you did, enter it.
Table B-1. Error Messages (continued)
Error numbers: 745, 746, 747, 748, 749, 750

MESSAGE: MAXPRI INAPPROPRIATE FOR GROUPS. IGNORED
CAUSE: The MAXPRI parameter cannot be specified for groups. It was ignored.
ACTION: This message is informational only.

MESSAGE: CAPABILITY LIST REDUNDANTLY SPECIFIED. LAST OCCURRENCE USED
CAUSE: You specified the CAP parameter twice on the same command line. The last CAP list that was specified is the one implemented by the command.
ACTION: This message is informational only.
Table B-1. Error Messages (continued)
Error numbers: 751, 752, 753, 754, 755, 756

MESSAGE: CREATOR SPECIFIED NEITHER IA NOR BA FOR ACCOUNT, SO BOTH WERE IMPOSED
CAUSE: You did not specify either interactive access (IA) or batch access (BA) for the account. These must be specified.
ACTION: This message is informational only.

MESSAGE: CREATOR SPECIFIED NEITHER IA NOR BA FOR USER, SO BOTH WERE IMPOSED
CAUSE: You did not specify either interactive access (IA) or batch access (BA) for the user. These must be specified.
Table B-1. Error Messages (continued)
Error numbers: 758, 760, 761, 762, 764, 765

MESSAGE: EMBEDDED SPECIAL CHARACTER IN MANAGER'S NAME
CAUSE: The name of the manager can consist of both alphabetic and numeric characters. One of the characters in your manager name is neither alphabetic nor numeric. You probably mistyped the command.
ACTION: Retype the command.

MESSAGE: PASSWORD MUST START WITH ALPHABETIC CHARACTER
CAUSE: The password that you specified does not start with an alphabetic character.
Table B-1. Error Messages (continued)
Error numbers: 767, 768, 769, 770, 771, 773

MESSAGE: FILES OPTION INAPPROPRIATE FOR USERS. IGNORED
CAUSE: You cannot specify the FILES option for a user.
ACTION: This message is informational only.

MESSAGE: EXPECTED POSITIVE INTEGER <2,147,483,647 AS SECTORS LIMIT
CAUSE: You specified a sectors limit with the FILES option that is greater than 2147483647.
ACTION: Specify a new sectors limit that is less than 2147483647.
Table B-1. Error Messages (continued)
Error numbers: 774, 775, 776, 779, 781, 782

MESSAGE: EXPECTED POSITIVE INTEGER <2,147,483,647 AS CPU SECONDS LIMIT
CAUSE: You specified a CPU limit that is greater than 2147483647.
ACTION: Specify a new CPU limit that is less than 2147483647.

MESSAGE: CPU SECONDS LIMIT MAY NOT BE A NEGATIVE NUMBER
CAUSE: You specified a negative number for the CPU seconds limit. Only a positive number is allowed.
ACTION: This message is informational only.
Table B-1. Error Messages (continued)
Error numbers: 784, 785, 786, 787, 788, 789

MESSAGE: "SM" CAPABILITY CANNOT BE REMOVED FROM MANAGER.SYS. REJECTED
CAUSE: You cannot remove System Manager (SM) capability from MANAGER.SYS.
ACTION: Review account structure capabilities in this manual.

MESSAGE: ATTEMPT TO REMOVE SM CAPABILITY FROM SYS ACCOUNT OVERRIDDEN
CAUSE: You cannot remove System Manager (SM) capability from the SYS account.
ACTION: Review account structure capabilities in this manual.
Table B-1. Error Messages (continued)
Error numbers: 790, 791, 792, 793, 794, 795

MESSAGE: GROUP CAPABILITIES REQUESTED EXCEED ACCOUNT CAPABILITIES! "NOT" GRANTED
CAUSE: The group capabilities cannot exceed the account capabilities.
ACTION: This message is informational only.

MESSAGE: GROUP FILE SPACE LIMIT REQUESTED LESS THAN ACTUAL SPACE ALREADY IN USE. COMMAND REJECTED
CAUSE: You have requested a group file space limit that is less than the space that is already in use.
ACTION: This message is informational only.
Table B-1. Error Messages (continued)
Error numbers: 796, 797, 798, 799, 956, 957

MESSAGE: HOME GROUP REDUNDANTLY SPECIFIED. LAST OCCURRENCE USED.
CAUSE: You specified the home group more than once on the command line. The last home group specification is the one implemented.
ACTION: This message is informational only.

MESSAGE: LOCAL ATTRIBUTE REDUNDANTLY SPECIFIED. LAST OCCURRENCE USED
CAUSE: You specified the local attribute more than once on the command line.
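Most of the Table B-1 messages above are rejections of malformed account-structure input: names that are empty, too long, non-alphabetic at the first character or not alphanumeric; passwords that do not start with a letter; sector and CPU limits that are negative or too large; capability lists that drop SM from MANAGER.SYS or the SYS account, or that give a group more than its account has. The following pre-flight checker is an added example, not HP's code and not part of this manual: it applies those rules before a NEWACCT, NEWUSER, NEWGROUP or ALTACCT command is issued, quoting the table's own message texts. It assumes that the eight-character, alphabetic-first, alphanumeric-only rule applies alike to account, group, user and manager names, and that "greater than 2147483647" is the limit test the table describes.

```python
import re

# Limits and name rules as stated in Table B-1 (assumed to apply uniformly
# to account, group, user and manager names).
MAX_LIMIT = 2_147_483_647                           # sectors / CPU-seconds ceiling
NAME_RE = re.compile(r"^[A-Z][A-Z0-9]{0,7}$")       # alphabetic first, alphanumeric, <= 8


def check_name(name, what):
    """Table B-1 style complaints for one ACCOUNT/GROUP/USER/MANAGER name."""
    n = (name or "").strip().upper()
    if not n:
        return [f"{what} NAME MISSING"]                                   # cf. 551
    problems = []
    if len(n) > 8:
        problems.append(f"{what} NAME IS MORE THAN EIGHT CHARACTERS LONG")   # cf. 552
    if not n[0].isalpha():
        problems.append(f"FIRST CHARACTER IN {what} NAME NOT ALPHABETIC")     # cf. 550
    if not n.isalnum():
        problems.append(f"EMBEDDED NON-ALPHANUMERIC CHARACTER IN {what} NAME")  # cf. 594, 758
    return problems


def check_password(password):
    """Passwords must start with an alphabetic character (cf. 760)."""
    p = (password or "").strip()
    if not p or not p[0].isalpha():
        return ["PASSWORD MUST START WITH ALPHABETIC CHARACTER"]
    return []


def check_limit(value, what):
    """Sectors (FILES) and CPU-seconds limits: non-negative and not above MAX_LIMIT."""
    if value < 0:
        return [f"{what} LIMIT MAY NOT BE A NEGATIVE NUMBER"]           # cf. 775
    if value > MAX_LIMIT:
        return [f"EXPECTED POSITIVE INTEGER <{MAX_LIMIT:,} AS {what} LIMIT"]  # cf. 768, 774
    return []


def normalize_access_caps(caps):
    """If neither IA nor BA is given, the system imposes both (cf. 751, 752)."""
    c = {x.strip().upper() for x in caps}
    if not c & {"IA", "BA"}:
        c |= {"IA", "BA"}
    return c


def check_sm_retained(account, caps, user=None):
    """SM cannot be removed from MANAGER.SYS (784) or from the SYS account (785)."""
    c = {x.strip().upper() for x in caps}
    if account.strip().upper() != "SYS" or "SM" in c:
        return []
    if user is None:
        return ["ATTEMPT TO REMOVE SM CAPABILITY FROM SYS ACCOUNT OVERRIDDEN"]
    if user.strip().upper() == "MANAGER":
        return ['"SM" CAPABILITY CANNOT BE REMOVED FROM MANAGER.SYS. REJECTED']
    return []


def check_caps_within_account(caps, account_caps):
    """A group may not be granted capabilities its account lacks (cf. 790)."""
    excess = {x.strip().upper() for x in caps} - {x.strip().upper() for x in account_caps}
    if excess:
        return ['GROUP CAPABILITIES REQUESTED EXCEED ACCOUNT CAPABILITIES! '
                f'"NOT" GRANTED ({", ".join(sorted(excess))})']
    return []


if __name__ == "__main__":
    # Constructed sample request: a new group in a constructed PAYROLL account.
    report = (check_name("PAYROLL", "ACCOUNT") + check_name("PAY-DATA", "GROUP")
              + check_password("7secret") + check_limit(-5, "CPU SECONDS")
              + check_caps_within_account(["IA", "BA", "PM"], ["IA", "BA", "AM"]))
    print("\n".join(report) or "no problems found")
```

Run it against each proposed command's parameters before typing the command; an empty list from every check means Table B-1 would not reject that part of the input, not that the command is guaranteed to succeed.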
ACD Related Error Messages

This appendix lists error messages which may be encountered when creating or modifying ACDs.

MESSAGE: UNABLE TO DEALLOCATE ACD SPACE. (CIWARN 7100)
CAUSE: ACD information is kept as an MPE "pseudo extent". A pointer to this "pseudo extent" is maintained for each file or device which has an ACD. If you are attempting to delete an ACD, the pseudo extent will be deallocated by MPE. Even if the operation fails and you get this warning, the ACD will still be deleted.
Error numbers: 7102, 7103, 7104, 7105

MESSAGE: ACD WAS CORRUPTED PRIOR TO BEING DELETED. (CIWARN 7102)
CAUSE: This message indicates that the ACD you deleted was corrupted. The delete operation succeeded, so there is no ACD associated with the device or file in question.
ACTION: No action needs to be taken. The delete operation has removed the corrupted ACD. You can create a new ACD, if you wish, without any further side effects.

MESSAGE: OPERATION FAILED ON SOME DEVICES SPECIFIED.
Error numbers: 7221, 7223, 7224, 7225, 7227, 7228

MESSAGE: WILDCARDS NOT ALLOWED IN FILENAME HERE. (CIERR 7221)
CAUSE: You have specified a generic file name which contains wildcards as the target file name or the source file name in the :ALTSEC command.
ACTION: Repeat the :ALTSEC command for each file contained in the file set specified by the wildcard.

MESSAGE: LOCKWORDS NOT ALLOWED IN GENERIC FILE SETS. (CIERR 7223)
CAUSE: A generic file specification (one which contains wildcards) should not contain a lockword.
Error numbers: 7229, 7230, 7231, 7250

MESSAGE: "_" (UNDERBAR) CHARACTER NOT ALLOWED IN DEVICE CLASS NAME. (CIERR 7229)
CAUSE: The "_" (underbar) character was included in a device class name. Device class names must begin with a letter and they can contain letters or numbers after the first character. The maximum length for a device class name is 8 characters.
ACTION: Remove the "_" (underbar) character from the device class name and re-issue the command.
Error number: 7251

MESSAGE: DUPLICATE ACCESS MODE SPECIFIED. (CIERR 7251)
CAUSE: Your ACD specification contains a duplicated access mode in the list of access modes specified for a single ACD entry.

Examples:

:ALTSEC FILENAME;NEWACD=( R,W,R: FRED.SMITH )

The :ALTSEC command shown above is illegal because read access is specified twice for a single ACD entry (corresponding to user FRED.SMITH).

:ALTSEC FILENAME;NEWACD=( R,W: JOE.SMITH; R,X: BILL.
Error number: 7253

MESSAGE: CONTRADICTORY ACCESS MODES SPECIFIED. (CIERR 7253)
CAUSE: You have specified access modes for a given entry which are contradictory. The examples below will clarify what is meant by contradictory access modes.

Examples:

:ALTSEC FILENAME;NEWACD=( R,W,NONE: @.@ )

The :ALTSEC command shown above is illegal because you are granting read and write access to the same user (@.@) to whom you are also granting no access.

:ALTSEC FILENAME;NEWACD=( R,W: @.@; NONE: BILL.
Error numbers: 7256, 7257, 7258, 7259

MESSAGE: MISSING CLOSE PARENTHESIS ")". (CIERR 7256)
CAUSE: You have omitted the close parenthesis ")" from your ACD specification. Unless you are using an ACD indirect file, both the open and close parentheses are required.
ACTION: Re-issue the command and add the missing close parenthesis.

MESSAGE: MISSING COLON ":". (CIERR 7257)
CAUSE: You have omitted the colon character from your ACD specification. A colon is required after the access modes and before the user specification.
Error numbers: 7261, 7262

MESSAGE: USER NAME MUST BE "@" IF ACCOUNT NAME IS SPECIFIED AS "@". (CIERR 7261)
CAUSE: You must specify a standard MPE user specification. This specification must take one of the following forms:

username.acctname
@.acctname
@.@

You must use "fully qualified" user specifications (for example, you cannot put the username by itself and default acctname to the logon account).
ACTION: Correct the user specification to conform to the rules specified above.
Error numbers: 7265, 7266, 7267, 7268, 7269

MESSAGE: USER SPECIFICATION MUST BE FULLY QUALIFIED. (CIERR 7265)
CAUSE: You must specify a standard MPE user specification. This specification must take one of the following forms:

username.acctname
@.acctname
@.@

You must use "fully qualified" user specifications (e.g., you cannot put the username by itself and default acctname to the logon account).
ACTION: Correct the user specification to conform to the rules specified above.

MESSAGE: INVALID USER NAME SPECIFIED.
Error numbers: 7270, 7271, 7272, 7273, 7274, 7275

MESSAGE: INTERNAL ERROR NUMBER "-270". (CIERR 7270)
CAUSE: An unexpected internal error has occurred.
ACTION: Try re-issuing the command. If you still get this error, contact your HP Representative and give him/her the internal error number.

MESSAGE: INTERNAL ERROR NUMBER "-271". (CIERR 7271)
CAUSE: An unexpected internal error has occurred.
ACTION: Try re-issuing the command.
Error numbers: 7300, 7301, 7302, 7303

MESSAGE: ACD ENTRY DOES NOT EXIST. (CIERR 7300)
CAUSE: You are attempting to access (delete or replace) an ACD entry which does not exist in the specified ACD.
ACTION: You can list the content of an ACD using the :LISTF ,-2 command (for file ACDs) or the :SHOWDEV command with the ;ACD option (for device ACDs).

MESSAGE: THERE IS NO ACD ASSOCIATED WITH THE SOURCE FILE.
Error numbers: 7304, 7305, 7306, 7307

MESSAGE: THE ACD ASSOCIATED WITH THE TARGET FILE IS CORRUPTED. (CIERR 7304)
CAUSE: You are attempting to copy a file ACD which is corrupted.
ACTION: You cannot copy this ACD because it is corrupted. It is possible to delete the ACD using the ;DELACD option on the :ALTSEC command. This will leave your file without an ACD to protect it.
Error numbers: 7308, 7309, 7310, 7311

MESSAGE: THERE IS ALREADY AN ACD ASSOCIATED WITH THE TARGET LDEV. (CIERR 7308)
CAUSE: You are attempting to create a new ACD for (via the ;NEWACD option), or copy an existing ACD to (via the ;COPYACD option), a device which already has an ACD associated with it.
ACTION: You must either delete the existing ACD prior to executing the :ALTSEC command with the ;NEWACD or ;COPYACD option, or you must use the ;ADDPAIR and ;REPPAIR options to change the existing ACD.
Error numbers: 7312, 7313, 7314, 7315

MESSAGE: INVALID ACD INDIRECT FILE CODE. FILE CODE MUST BE 0. (CIERR 7312)
CAUSE: You have specified an ACD indirect file with a non-zero file code. This should not be a problem very often because most editors create text files with a file code of zero.
ACTION: You can determine if the file code for a file is zero by using the :LISTF command. You can use :FCOPY to copy the file to another file which has a file code of zero.

MESSAGE: INVALID ACD INDIRECT FILE RECORD SIZE. MUST BE <= 88 BYTES.
Error numbers: 7316, 7317, 7318

MESSAGE: MAXIMUM NUMBER OF ACD ENTRIES (40) WOULD BE EXCEEDED. (CIERR 7316)
CAUSE: You are attempting to add some number of entries to the ACD. If you added these entries to the ACD, then the total number of entries in the ACD would exceed the maximum number allowed (40).
ACTION: You cannot have more than 40 entries in a given ACD. You may be able to combine some of the entries by using wildcards.
Error numbers: 7319, 7320, 7321

MESSAGE: INCOMPATIBLE TARGET AND SOURCE FOR COPYING ACD. (CIERR 7319)
CAUSE: The target and source file/device specified on the :ALTSEC command must be of the same type. Either they must both be devices, or they must both be files.
ACTION: If you want to grant the same explicit access rights to a file and a device, you should create an indirect file containing the ACD specification and use this indirect file on the :ALTSEC command with the ;NEWACD option.
Error numbers: 7322, 7323

MESSAGE: OPERATION FAILED ON ALL DEVICES SPECIFIED. (CIERR 7322)
CAUSE: The operation which you requested (;NEWACD, ;DELACD, ;REPPAIR, ;DELPAIR, ;ADDPAIR, or ;COPYACD) did not succeed for any of the devices in the device specification. If a device class was specified, the operation failed for all of the devices in the device class. If "@" was specified, indicating all devices on the system, then the operation failed on all devices on the system.
Error number: 7324

MESSAGE: USER NOT ALLOWED TO COPY THE SOURCE ACD. (CIERR 7324)
CAUSE: The user attempting to copy the ACD does not have sufficient capabilities, is not the creator of the file, or has not been granted explicit "read ACD" (RACD) permission. The capability requirements for copying an ACD are as follows: a user with SM capability can copy any ACD; a user with AM capability can copy any ACD associated with a file in the account for which he/she has AM capability; the creator of the file can copy the ACD.
Error numbers: 7400, 7401, 7402

MESSAGE: ACD INTERNAL ERROR. (CIERR 7400)
CAUSE: This message indicates that some kind of internal error occurred while processing your command. This message will be preceded by another message indicating the internal status and subsystem number. This information will be helpful in diagnosing the cause of the problem.
ACTION: Contact your HP Support Representative.

MESSAGE: ERROR ENCOUNTERED WITHIN ACD INDIRECT FILE.
Error number: 7403

MESSAGE: ACD INTERNAL STATUS ! - SUBSYSTEM NUMBER !.
CAUSE: An unexpected internal error has occurred.
ACTION: Try re-issuing the command. If you still get this error, call in the internal error number to your HP Representative.
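Several of the ACD messages above (7251, 7253, 7256, 7257, 7261, 7265 and 7316) are syntax rules for the specification given to :ALTSEC with ;NEWACD, and all of them can be checked before the command is issued, which matters when an ACD edit is being applied to many files from a job stream. The following validator is an added example, not HP's code and not part of this manual. It parses the parenthesised form shown in the 7251 and 7253 examples, splits entries on ";" and modes from user specifications on ":", and reports each problem with the CIERR number this appendix gives for it. Assumptions: R, W, X, TD, RACD and NONE are the modes named on this page, while A, L, RD, DD and CD are the remaining MPE/iX ACD modes added here; the special user names $OWNER, $GROUP and $GROUP_MASK from the index are accepted without a dot; and user and account names follow the eight-character alphanumeric rule from Table B-1. Indirect files, wildcarded file sets and device targets are not handled.

```python
import re

# Access modes accepted in one ACD entry.  R, W, X, TD, RACD and NONE are
# named in this appendix; A, L, RD, DD and CD are the remaining standard
# MPE/iX ACD modes and are assumed here.
ACD_MODES = {"R", "W", "A", "L", "X", "RD", "DD", "CD", "TD", "RACD", "NONE"}
# Special user specifications listed in the index; they carry no account part.
SPECIAL_USERS = {"$OWNER", "$GROUP", "$GROUP_MASK"}
MAX_ACD_ENTRIES = 40                                   # CIERR 7316
# User and account names: alphabetic first character, alphanumerics only,
# at most eight characters (rules quoted in Table B-1).
NAME_RE = re.compile(r"^[A-Z][A-Z0-9]{0,7}$")


def extract_newacd_spec(command):
    """Return the text after NEWACD= in an :ALTSEC command, or the input unchanged."""
    m = re.search(r"NEWACD=(.*)$", command, re.IGNORECASE)
    return m.group(1).strip() if m else command.strip()


def validate_acd_spec(spec):
    """Check one ACD specification such as '( R,W: FRED.SMITH; NONE: @.@ )'.

    Returns a list of problem strings, each tagged with the CIERR number this
    appendix gives for it.  An empty list means none of these checks fired;
    it is not a guarantee that :ALTSEC will accept the command.
    """
    problems = []
    s = spec.strip().upper()
    if s.startswith("("):
        s = s[1:]
    else:
        problems.append('missing open parenthesis "(" (code not listed in this appendix)')
    if s.endswith(")"):
        s = s[:-1]
    else:
        problems.append('CIERR 7256: MISSING CLOSE PARENTHESIS ")"')

    entries = [e for e in s.split(";") if e.strip()]
    if len(entries) > MAX_ACD_ENTRIES:
        problems.append(f"CIERR 7316: MAXIMUM NUMBER OF ACD ENTRIES "
                        f"({MAX_ACD_ENTRIES}) WOULD BE EXCEEDED")

    for n, entry in enumerate(entries, 1):
        if ":" not in entry:
            problems.append(f'entry {n}: CIERR 7257: MISSING COLON ":"')
            continue
        mode_part, user_part = entry.split(":", 1)
        modes = [m.strip() for m in mode_part.split(",")]
        for m in modes:
            if m not in ACD_MODES:
                problems.append(f"entry {n}: unknown access mode {m!r}")
        if len(set(modes)) != len(modes):                 # e.g. R,W,R
            problems.append(f"entry {n}: CIERR 7251: DUPLICATE ACCESS MODE SPECIFIED")
        if "NONE" in modes and len(set(modes)) > 1:       # e.g. R,W,NONE
            problems.append(f"entry {n}: CIERR 7253: CONTRADICTORY ACCESS MODES SPECIFIED")

        user = user_part.strip()
        if user in SPECIAL_USERS:
            continue
        if "." not in user:                               # e.g. FRED instead of FRED.SMITH
            problems.append(f"entry {n}: CIERR 7265: USER SPECIFICATION MUST BE FULLY QUALIFIED")
            continue
        username, acct = user.split(".", 1)
        if acct == "@" and username != "@":               # e.g. FRED.@
            problems.append(f'entry {n}: CIERR 7261: USER NAME MUST BE "@" '
                            f'IF ACCOUNT NAME IS SPECIFIED AS "@"')
        for label, name in (("user", username), ("account", acct)):
            if name != "@" and not NAME_RE.match(name):
                problems.append(f"entry {n}: malformed {label} name {name!r}")
    return problems


if __name__ == "__main__":
    # The two illegal commands quoted under CIERR 7251 and 7253, plus a
    # constructed legal one.
    for cmd in (":ALTSEC FILENAME;NEWACD=( R,W,R: FRED.SMITH )",
                ":ALTSEC FILENAME;NEWACD=( R,W,NONE: @.@ )",
                ":ALTSEC FILENAME;NEWACD=( R,W,X: MGR.SYS; R: @.PAYROLL; RACD: @.@ )"):
        print(cmd, "->", validate_acd_spec(extract_newacd_spec(cmd)) or ["ok"])
```

The checker deliberately stops at syntax: it does not know which users exist or what the caller's capabilities are, so the capability rules under CIERR 7324 still apply when the command runs.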
Index

A
access control definition, see ACDs, 4-1
accessing files, directories, 4-13
access modes, 4-3
  APPEND, 5-1
  EXECUTE, 5-1
  files, 5-1
  LOCK, 5-1
  READ, 5-1
  SAVE, 5-1
  user types, 5-2
  WRITE, 5-1
account capabilities
  list of, 6-4
account manager, 4-7
accounts, 2-11
  access modes, 5-4
  capabilities, 6-1
  characteristics, 2-9
  components, 2-6
  defined, 2-7
  designing a structure, 2-14
  displaying capabilities, 6-2
  file security, 5-4
  listing capabilities, 6-2
  relationships, 2-7
  structure defined, 2-6
  users, 5-4
  user types, 5-
  copying, 4-17
  copying files with ACDs, 4-17
  creating, 4-14
  deleting, 4-16
  deleting an ACD pair, 4-16
  device security, 4-1
  displaying, 4-11
  evaluation, 4-1
  examples, 4-10
  listing, 4-11, 4-12
  modifying, 4-15
  NONE access, 4-4
  owners, 4-6
  replacing, 4-15
  replacing an ACD pair, 4-15
  user specification, 4-4
adding an ACD pair, 4-15
ALTSEC command, 4-4, 4-14, 4-17
  adding an ACD pair, 4-15
  copying an ACD, 4-17
  creating ACDs, 4-14
  deleting an ACD, 4-16
  deleting an ACD pair, 4-16
  replacing an ACD pair, 4-15
APPEND acce
  RELEASE, 5-8
  RESUMELOG, 7-10
  SECURE, 5-8
  SHOWLOG, 7-10
  SWITCHLOG, 7-10
commands - LOG configurator
  CLEAR, 7-8
  EXIT, 7-8
  HELP, 7-4
  HOLD, 7-8
  OCLOSE, 7-6
  SHOW, 7-6
  SLOG, 7-6
  ULOG, 7-7
commands - SYSGEN
  BASEGROUP, 7-8
  KEEP, 7-8
  LOG, 7-3
configuration changes
  clearing, 7-8
console log record, 7-36
console messages for log files, 7-11
conventions, 2-14
copying ACDs, 4-17
copying an ACD, 4-17
copying files with ACDs, 4-17
creating objects, 4-5
creating ACDs, 4-14
current working directory, 4-9

D
deleting ACDs, 4-16
o
E
entering an MPE command from the LOG configurator, 7-8
entering the LOG configurator, 7-3
evaluating ACDs, 4-1
EXECUTE access mode, 5-1
execute (x) access, 4-7
EXIT LOG configurator command, 7-8
exiting the LOG configurator, 7-8

F
file
  changing access to, 4-13
  name conventions, 2-14
  names, 2-13
  renaming, 4-6
  security, 4-9
file access
  restricting, 5-1
file access modes, 5-1
file close record (CM), 7-65
file close record (NM), 7-27
file-level security, 5-6
file names
  fully qualified, 2-10
file open record, 7-53
file ow
G
GID, 4-7, 4-8
$GROUP, 4-5
group
  HFS, 4-8
  MPE/iX, 4-8
group capabilities
  displaying, 6-2
  listing, 6-2
  list of, 6-4
group ID (GID), 4-7, 4-8
group-level default file security, 5-5
group-level security, 5-5
$GROUP_MASK, 4-5
group names
  defined, 2-10
  fully qualified, 2-10
groups
  access modes, 5-5
  capabilities, 6-1
  default file security, 5-5
  displaying capabilities, 6-2
  group names, 2-10
  listing capabilities, 6-2
  security, 5-5
  user types, 5-5

H
HELP facility
  LOG configurator, 7-4
HFS, 2-11
HFS file names, 2-13
H
K
KEEP SYSGEN command, 7-8

L
LISTACCT command, 6-2
LISTF command, 5-7
LISTFILE command, 4-12, 5-7, 7-14
  listing ACDs, 4-11
LISTGROUP command, 6-2
listing ACDs, 4-11, 4-12
listing capabilities, 6-2
listing group capabilities, 6-2
listing user capabilities, 6-4
LISTUSER command, 6-4
LOCK access mode, 5-1
lockwords, 5-7
  displaying, 5-7
LOG SYSGEN command, 7-3
LOG configurator, 7-3
  entering an MPE command from, 7-8
  exiting, 7-8
  HELP facility, 7-4
  see logging configurator, 7-3
LOG configurator commands
  CL
  high-priority machine check record, 7-59
  I/O error record, 7-31
  job initiation record, 7-24
  job termination record, 7-25
  log failure record, 7-21
  logical mount/dismount record, 7-34
  log record types, 7-19
  LOGTOOL utility, 7-12
  low-priority machine check record, 7-63
  managerial errors, 7-12
  maximum records per file, 7-11
  name format, 7-10
  naming, 7-10
  password changes log record, 7-42
  physical mount/dismount record, 7-33
  power failure record, 7-30
  printer access failure log record, 7-46
  process creation log re
M
MEMLOGP, 7-13
modifying ACDs, 4-15
MPE/iX file system, 2-11
MPE syntax, 2-13

N
NM file close record, 7-27
NMS spool file done log record, 7-38

O
objects, 4-1
  creating, 4-5
  deleting, 4-6
OCLOSE LOG configurator command, 7-6
$OWNER, 4-5, 4-6
owner, 4-6, 4-8
  ACDs, 4-6

P
password changes log record, 7-42
permissions
  directory, 4-8
physical mount/dismount record, 7-33
power failure record, 7-30
printer access failure log record, 7-46
privilege, appropriate, 4-7
process creation log record, 7-51
process
S
SAVE access, 4-8
SAVE access mode, 5-1
saving configuration changes, 7-8
SECURE command, 5-8
securing file security, 5-8
security
  account-level, 5-4
  ACDs, 4-1
  default at group-level, 5-5
  default file-level, 5-6
  file-level, 5-6
  file system, 5-1
  group-level, 5-5
  lockwords, 5-7
  releasing file security, 5-8
  standard file system, 5-1, 5-8
SHOW LOG configurator command, 7-6
SHOWDEV command
  listing device ACDs, 4-11
showing current LOG values, 7-6
SHOWLOG command, 7-10
shutdown record, 7-30
SLOG LOG configurator command, 7-6
T
tape labels record, 7-35
TD access, 4-3
traverse directory entries, 4-3
types of users, 5-2

U
UID, 4-8
ULOG LOG configurator command, 7-7
user capabilities
  displaying, 6-4
  listing, 6-4
  list of, 6-4
user categories, 4-8
user identification, 4-8
user ID (UID), 4-8
user logging, 7-3, 7-7
user logging record, 7-50
user names
  defined, 2-10
  fully qualified, 2-10
users
  at account-level, 5-4
  at group-level, 5-5
  capabilities, 6-1
  types, 5-2
using files, 2-9

W
WRITE access mode, 5-1