Friday, March 25, 2016

Additional Security Considerations for Pathway


PATHWAY configuration (per PATHMON)

The OWNER attribute specifies the owner of the PATHMON environment. That user can stop the PATHMON process, add programs, delete objects, and make other modifications to the global configuration.

The SECURITY attribute, whose value is relative to the OWNER’s user ID, specifies who else can modify the PATHMON environment after you issue the START PATHWAY command.

  • The default is “N” for TS/MP 2.0 and 2.1, and should be changed to “O”.
  • The default is “O” for TS/MP 2.3 and later versions.

For all TS/MP versions, prior to issuing the START PATHWAY command the owner is the process access ID (PAID) of the PATHMON process and the SECURITY attribute is O (owner only).

HP recommends that the OWNER of a given PATHMON environment be a user ID associated with management of that specific application, rather than SUPER.SUPER or a member of the SUPER group.

SERVER configuration (per server class)

OWNER specifies the user ID that controls access from a Pathsend process to a specific server class. (The TCPs ignore this server attribute.)

If not specified, OWNER defaults to the user ID that started the PATHMON process. Specify an appropriate user.

SECURITY specifies the users, in relation to the OWNER attribute, who can access a server class from a Pathsend requestor. (TCPs ignore this attribute.) The default is “N”, which should be changed to the most restrictive setting that does not interfere with correct application operation.
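
As an added illustration (not code from the original post or from HP), the following Python model shows which Pathsend requesters conform to a server class's OWNER and SECURITY settings for each SECURITY letter. It assumes the letters carry the standard Guardian file-security meanings (A, G, O, -, N, C, U); the user IDs and requester names are constructed, and no implicit super ID override is modelled.

```python
from dataclasses import dataclass

SUPER_ID = (255, 255)  # SUPER.SUPER expressed as (group, user)

@dataclass(frozen=True)
class Requester:
    group: int
    user: int
    remote: bool  # True if the Pathsend process runs on another node

def send_allowed(security, owner, req):
    """Model of the OWNER/SECURITY check for one server-class send."""
    ident = (req.group, req.user)
    same_group = req.group == owner[0]
    is_owner = ident == owner
    local = not req.remote
    rules = {
        "A": local,                        # any local user
        "G": local and same_group,         # local member of the owner's group
        "O": local and is_owner,           # local owner only
        "-": local and ident == SUPER_ID,  # local super ID only
        "N": True,                         # any user, local or remote
        "C": same_group,                   # owner's group, local or remote
        "U": is_owner,                     # owner, local or remote
    }
    if security not in rules:
        raise ValueError(f"unknown SECURITY value: {security!r}")
    return rules[security]

def exposure(security, owner, requesters):
    """Names of the requesters that a given SECURITY letter lets through."""
    return [n for n, r in requesters.items() if send_allowed(security, owner, r)]

# Constructed sample: server class owned by user 120,10.
OWNER = (120, 10)
SAMPLE = {
    "owner-local": Requester(120, 10, False),
    "owner-remote": Requester(120, 10, True),
    "groupmate-local": Requester(120, 22, False),
    "other-local": Requester(77, 5, False),
    "other-remote": Requester(77, 5, True),
}

if __name__ == "__main__":
    for letter in "NACGUO-":
        print(letter, exposure(letter, OWNER, SAMPLE))
```

With the default “N” every sample requester, including the unrelated remote one, passes the check; with “O” only the local owner does.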

For Guardian servers, ensure that server class ASSIGNs and DEFINEs point to the appropriate files, and that the server class volume is explicitly set. Similar considerations apply to CWD and ARGLIST for OSS servers.

For OSS server classes, UMASK specifies the default permissions for the owner, group and others for OSS files created by the server process instance (see General OSS file security for more information on umask).

The default for UMASK is -1; HP recommends that you set it to a more restrictive value (022 or tighter).

Network security

The PATHMON process controlling the server class has to have corresponding user IDs and remote passwords with all of:

• The system where the requesting process is running
• The system where the PATHMON process is running
• The system where the server class is running

This level of security is required because:

• The LINKMON process or the ACS subsystem processes must be able to open the PATHMON process (to make link requests).
• The LINKMON process or the ACS subsystem processes must be able to open the server processes (to send user requests).
• The PATHMON process must be able to open the server processes (to send startup messages).

All of these opens are performed with the PATHMON user ID.

Note: If the user starting the PATHMON process is an alias, then the alias must have matching remote passwords on all involved systems. It is not sufficient for the underlying user ID to have matching remote passwords.

Note: The user ID of the Pathsend process need not have remote passwords to the PATHMON system or to the server-class system to access the server class. Moreover, the Pathsend-process user ID need not be known on the PATHMON or server-class systems.

Server-class security

LINKMON processes or ACS subsystem processes perform authorization checks on each server-class send operation to make sure that the user ID of the Pathsend process at the time of the send conforms to the server class’s OWNER and SECURITY attributes. You set these

