 |
The Question is:
Hi,
I want to define a general operator through adduser utility with minimum
security privileges provided (netmbx only). After logging through this general
user i want operators(with full security privileges granted ) to login and
their corresponding log files be generated.
for this i am using the command in my shell script
$ set host 0 /log
(a)Can you suggest any other method ?
(b) the files sethost.log can be edited through any account even though
the protection given is
$set protection=(S:R,O:R,G:R,W:R) sethost.log
can you describe what commands are to bo issued for file protection.??
(c)what are proxy accounts? can proxy account do the same work??
The Answer is :
In other words, you wish to maintain a tracing of all activities...
There is no particularly supported means for this.
Alternative approaches include enabling and using system alarms
and system auditing, and configuring privileges and identifiers
and access control lists appropriately for the (required) access.
Also of interest can be subsystem identifiers and installed (with
privileges) images -- of these two, the former often provides an
easier and more controllable approach.)
The OpenVMS Wizard does not normally recommend generic usernames,
as this hinders security -- passwords cannot be changed as easily,
and establishing individual responsibility is difficult at best.
For details on OpenVMS file protections and security in general,
please see the OpenVMS system security manual, and particularly for
this case please see the information included there that is related
to the resource identifier mechanism, and to the creation and operation
of scratch directories and such.
Also note that your OpenVMS version is sufficiently ancient as to
lack specific security-related changes made in slightly less ancient
OpenVMS releases -- specifically V6.0 and later -- and these OpenVMS
changes were designed to address the privileges and requirements for
superceding files, and the associated file protection checks needed.
|
|
|
|
|
