HP OpenVMS Guide to System Security > Chapter 13 Using Protected Subsystems

System Management Requirements

Although an unprivileged user can build and manage a protected subsystem, you need to be involved at two points in the process: at the beginning to create the necessary identifiers for the subsystem and at the end to mount the volume with the protected subsystem.

You need to perform the following tasks:

  1. Create identifiers for the subsystem, each with the Subsystem attribute. The Subsystem attribute empowers the identifier's holder to manage the subsystem.

  2. Grant these subsystem identifiers with Subsystem attributes to the people who will serve as managers of the subsystem. This enables them to assign the subsystem identifier to the images that make up the subsystem.

  3. Give the subsystem managers control access to application images. They need control access so they can add Subsystem ACEs to the image ACLs.

  4. Give the subsystem managers control access to existing resources that are to be managed by the protected subsystem.

    Although subsystem managers may need control access to key system resources, the ACL on the objects limits their access rights to only those resources. This may not be as dangerous as installing an image with SYSPRV.

The following example shows how you can set up identifiers and the necessary application access so that users can manage a membership list:

Example 13-1 Setting Up Identifiers and Application Access for Managing Membership List

$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ADD/IDENTIFIER MEMBERS_SUBSYSTEM -              [1]
_UAF> /ATTRIBUTES=(SUBSYSTEM,RESOURCE)
UAF> GRANT/IDENTIFIER MEMBERS_SUBSYSTEM -            [2]
_UAF> /ATTRIBUTES=(SUBSYSTEM,RESOURCE) LOUIS
UAF> GRANT/IDENTIFIER MEMBERS_SUBSYSTEM -
_UAF> /ATTRIBUTES=(SUBSYSTEM,RESOURCE) WU
UAF> EXIT
$ SET SECURITY/ACL=(IDENTIFIER=MEMBERS_SUBSYSTEM,-   [3]
_$ ACCESS=CONTROL) MEMBER_LIST.EXE

  1. Use AUTHORIZE to create a subsystem identifier called MEMBERS_SUBSYSTEM. Notice that this identifier carries the Subsystem attribute.

  2. Make Louis and Wu holders of the identifier so they can manage the subsystem.

  3. Give Louis and Wu control access to the subsystem image MEMBER_LIST.EXE.

Note that you create the subsystem identifier MEMBERS_SUBSYSTEM with the Resource attribute. This allows disk space to be charged to the identifier MEMBERS_SUBSYSTEM and not the individuals accessing the subsystem. (When using the Resource attribute, be careful to set the appropriate ACLs on directories [see “Setting Up the ACL”].)
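
The following command procedure is an added example, not part of the original guide. It reviews what Example 13-1 set up, applies task 4 to one resource, and mounts the volume with subsystem processing enabled. The file MEMBER_DATA.DAT, the device DKA100: and the label MEMBERS_VOL are assumed names.

```dcl
$! Added example, not from the original guide.
$! Assumed names: MEMBER_DATA.DAT (a resource the subsystem will manage),
$! DKA100: (the volume holding the subsystem), MEMBERS_VOL (its label).
$!
$! Review the identifier: confirm that it carries the Subsystem and
$! Resource attributes and that the holders are only the intended managers.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
SHOW/IDENTIFIER/FULL MEMBERS_SUBSYSTEM
SHOW/RIGHTS LOUIS
SHOW/RIGHTS WU
EXIT
$!
$! Task 4: give the subsystem managers control access to an existing
$! resource that the protected subsystem is to manage.
$ SET SECURITY/ACL=(IDENTIFIER=MEMBERS_SUBSYSTEM,ACCESS=CONTROL) MEMBER_DATA.DAT
$!
$! Review the resulting ACLs. Control access should be granted to the
$! subsystem identifier only, not to individual users.
$ SHOW SECURITY MEMBER_LIST.EXE
$ SHOW SECURITY MEMBER_DATA.DAT
$!
$! Final step: mount the volume so that Subsystem ACEs are processed.
$! The /SUBSYSTEM qualifier requires the SECURITY privilege.
$ MOUNT/SYSTEM/SUBSYSTEM DKA100: MEMBERS_VOL
$!
$! Review the volume status in the full device display.
$ SHOW DEVICE/FULL DKA100:
$ EXIT
```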