topic Re: Security levels in Operating System - HP-UX

Security levels

Peston Foong — Tue, 07 Nov 2000 09:27:03 GMT

In HP-UX 11 64 bits, how many levels of security assessment. Is this only have two levels of authorization like root and operator. How do I assign the security level access to difference type of users.

To all experts. Thank you so much.

Regards
Peston.

Re: Security levels

Dan Hetzel — Tue, 07 Nov 2000 10:57:04 GMT

Hi,

Not sure I fully understood your question.

If it was regarding file permissions:

As in all unix O/S, users are defined as being members of groups.
Every file has permission bits for the owner,
the group and others (the rest of the world)
see 'man chmod'

In addition to that, you can define a more
selective access to files using access control lists (type 'man acl' for details)

If your question was more about the security level, a search for 'trusted system' will give you a whole bunch of info.

Dan

Re: Security levels

Peston Foong — Wed, 08 Nov 2000 01:48:12 GMT

Thank you for your replied. Here is what I mean about the standard security levels. For example, I want this guy to be my assistant and certain level of security files that his could not access like command shutdow, and certain command only administrator can do. How do I assign or create like some sort of assistant user profile to him.

Second, I would like to know that how does the security levels work in HP-UX or how many users access profile. I mean some systems have several levels of administration. And what are the authorization code that I should know in HP-UX 11. I just could not understand the HP-UX 11 64 bits the technical administrator, where can I find more about that.

Thanks a lot.

Peston.

Re: Security levels

Patrick Wallek — Wed, 08 Nov 2000 02:16:25 GMT

I think part of what you want to do can be accomplished by using the 'sudo' application. sudo will allow you set up users so that they have access to certain commands and can run them as the root user without actually having the root password. You can get sudo here: http://hpux.cae.wisc.edu/hppd/hpux/Sysadmin/sudo-1.6.2b1/

As far as security leves go, there aren't really any administrative type users as far as I know. There are certain commands that you can and can't do depending on what group you are in, but I can't give you a definitive list.

I think sudo would be your best bet initially.

Re: Security levels

Chris Garman — Thu, 09 Nov 2000 18:22:56 GMT

What I would use in your situation is restricted sam. It is now possible for you to assign standard user accounts access to each bit of sam. To configure this type sam -r. I think there is comprehensive on-line help, though it is straight-forward.

Chris

Re: Security levels

Rick Garland — Thu, 09 Nov 2000 20:26:59 GMT

The use of sudo can be very beneficial. In addition to specifying what commands can be run by who, you have a log file that keeps track of who did what and when. If you have an unexpected shutdown (that is not a crash) and you know you didn't do it, you can view the sudo log and get the info.

Re: Security levels

Peston Foong — Mon, 13 Nov 2000 06:37:13 GMT

I just would like to ask that simply download the SU patches, is it will give an endanger to the system?

Thank a lot to all experts.