- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: User Priviledges
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2006 11:33 PM
04-24-2006 11:33 PM
I'm new a VMS cluster, and we are about to have a security audit.
What I'm looking for is a simple way to list users that have a specific priviledge. I don't seem to be able to see how to achieve this.
Andrew
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2006 12:01 AM
04-25-2006 12:01 AM
Solutionassuming you have no special utilities (like GETUAF, or some security package) at your disposal, one way to do this using only native VMS utilities is
(if SYSUAF logical not defined then $ SET DEFAULT SYS$SYSTEM first)
$ MCR AUTHORIZE LIST *
# SEARCH SYSUAF.LIS "Username:",
Any username immediately preceeding the listed priv in SYSUAF.PRIV is one sought for.
If you have many non-priv'd users, you can easily EDIT those out of the list.
Mind, in the occasions where a username holds a the priv both "Authorized" AND "Default", it will be listed twice under that username.
Note also, that several utilities are available to get the info in one pass, and if this is a regular excersise, it might be rewarding to get one of those. For a one-time inventory, the above will do well enough.
hth
Proost.
Have one on me (maybe in May in Nashua?)
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2006 12:04 AM
04-25-2006 12:04 AM
			
				
					
						
							Re: User Priviledges
						
					
					
				
			
		
	
			
	
	
	
	
	
ftp://ftp.process.com/vms-freeware/fileserv/scanuaf.zip
This also works
ftp://ftp.process.com/vms-freeware/fileserv/uaf.zip
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2006 12:16 AM
04-25-2006 12:16 AM
			
				
					
						
							Re: User Priviledges
						
					
					
				
			
		
	
			
	
	
	
	
	
>>>
$ MCR AUTHORIZE LIST *
<<<
Put a /FULL in there to get a verbose listing of all accounts, else you get a list with one line per account and only a privilege group.
HTH,
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2006 01:02 AM
04-25-2006 01:02 AM
			
				
					
						
							Re: User Priviledges
						
					
					
				
			
		
	
			
	
	
	
	
	
I concur, if the auditor is familiar with OpenVMS, he will be most comfortable with the standard listing from AUTHORIZE (do not be surprised if he wants to witness it or run it himself).
As preparation for the audit, consider the fact that large numbers of privileged users are a "Red Flag" on a security audit. Be prepared to provide an explanation of each privileged user and their privileges, it will demonstrate that you are alert to the issues.
Consider reducing the number of privileged accounts. I have had great success limiting the number of privileged users at my client's installations, and it makes security (and other) audits far simpler. See my presentation from HPWORLD 2004 at http://www.rlgsc.com/hpworld/2004/N227.html and my "OpenVMS Security" chapter in the Handbook of Information Security, abstract and brochure at http://www.rlgsc.com/hinfosec/hinfosec.html
I hope that the above is helpful.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2006 01:11 AM
04-25-2006 01:11 AM
			
				
					
						
							Re: User Priviledges
						
					
					
				
			
		
	
			
	
	
	
	
	
Cheers Guys
Just really digging around at the moment, I'm jointly responsible for a HP-UX and OpenVMS environments and I'm much more familiar (by a matter of months) with the UX stuff.
I've found the information I was looking for thanks to your help so I'm closing the thread.
Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2006 01:11 AM
04-25-2006 01:11 AM
			
				
					
						
							Re: User Priviledges
						
					
					
				
			
		
	
			
	
	
	
	
	
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-26-2006 03:31 PM
04-26-2006 03:31 PM
			
				
					
						
							Re: User Priviledges
						
					
					
				
			
		
	
			
	
	
	
	
	
Phil
http://h71000.www7.hp.com/openvms/journal/v7/vms_check_tool.html
