
Shared Disc Security [ HP Resource Sharing for MPE/iX ] MPE/iX 5.0 Documentation


HP Resource Sharing for MPE/iX

Shared Disc Security 

When multiple users have access to the same files, security strategies
are especially important.  Shared file security is provided by MPE
accounting structures, the structure of shared disc files, share pathing,
permissions, passwords, and volume management.

MPE Security 

Because shared disc files reside on the HP 3000, they are protected by
MPE account and group security.  Plan the accounting structures of your
shared discs so that MPE security defines access to various kinds of
information.

No matter what accounting structure you use for the Resource Sharing
logon, no PC user running under the Resource Sharing session can issue
MPE commands or find out passwords from within that session.  See
"Resource Sharing Logon" earlier in this chapter for more information.

Security through Shared Disc File Structure 

The file structure of files stored on a shared disc prevents users from
accessing the data in them directly from the HP 3000.  It is difficult
even for someone logged on to the MPE group in which the files reside to
access, purge, or copy the data inside the files.

MPE Access.   

All DOS files on a shared disc are privileged files.  Privileged files
cannot be purged or renamed, and data in privileged files cannot be
accessed through programs such as EDITOR or FCOPY.

Shared disc files are accessible from the HP 3000 only by using the
Resource Manager Utility (RESMGR) and Disc Manager Utility (DISCMGR). To
access a file through DISCMGR, the user must know the sharename and its
password.  These can be found by using RESMGR, but not easily.  RESMGR is
subject to the normal MPE account security (for example, needing AM
capability to see passwords outside your logon group), and you can
further secure RESMGR by putting a lockword on its program file.  To
reduce the danger of someone writing a privileged mode program to access
shared disc data, limit the accounts which have PM capability.

File Naming Scheme.   

The names used for shared disc data files and files used to implement
shared disc processes are not based on PC filenames.  Instead, the naming
structure is based on a scheme that facilitates recovery of a file from
an HP 3000 backup or store tape through RESMGR. This means that no user
logged onto an MPE group will be able to figure out the DOS name of any
shared disc file by looking at a list of files in the group.

The following file names are found in groups that have a shared disc:

   *   VDROOT - a file created by RESMGR in the MPE account and group
       defined as the path for a new shared disc.  VDROOT identifies this
       account and group as the root directory of a shared disc.  VDROOT
       contains information required to cross-reference between each DOS
       file name in the DOS root directory and its corresponding MPE file
       name, VDTnnnnn.  The root file also contains the information
       needed to map between DOS directory names and MPE VDT files.
       There is enough room in this file for the maximum number of shared
       disc files that can exist in an MPE/iX group (30,000).

       VDROOT is purged only when the shared disc is deleted with RESMGR.

   *   VDTnnnnn - a file with this name format (the letters VDT followed
       by five numbers) contains the actual data for a specific DOS file.
       There is one VDT file for each DOS file created on that shared
       disc.  For example, if the DOS command DIR *.* is used for a
       shared disc with no subdirectories and 15 file names are listed on
       the PC, there will be 15 VDT files in the group holding the shared
       disc.

       A VDT file is purged when its corresponding DOS file is deleted.

The following file names may also be found in groups that have a shared
disc:

   *   AUTOCONN - a file that automatically connects you to specific
       shared discs when you run DISCMGR. You create the AUTOCONN file
       and control its contents by using DISCMGR. Resource Sharing looks
       for a file named AUTOCONN when DISCMGR is run.

       You can also create an automatic connection file to run whenever
       you need the connections by creating a file with a name of your
       choosing.  You use the AUTOCONNECT command in DISCMGR to run that
       file when you need the connections.

       The AUTOCONN file and other automatic connection files can be
       purged only with DISCMGR.

Unsecured Files.   

Certain Resource Sharing files have SECURITY OFF. If these files are
SECURED, network errors result.  The files include:

            DGCONFIG.PPC.SYS       NODETBL.PPC.SYS
            PDCONFIG.PPC.SYS       PDSHARE.PPC.SYS
            VDTnnnnn.@.@           VDROOT.@.@
            SYSLOG.PPC.SYS

Using Share Paths for Security 

Shared discs provide additional security by allowing you to define how PC
users connect to shared discs.

Only one shared disc can be associated with each group of each HP 3000
account.  Each shared disc starts with a root directory which is the
account and group where the shared disc resides.  The shared disc root
directory is established when you create a shared disc with RESMGR. You
may then create DOS subdirectory structures within the shared disc and
define sharenames that give access to a particular subdirectory.  See
"Setting Up for Shared Files" earlier in this chapter.

When you define a sharename, you specify the complete path the sharename
represents, starting at the root directory.  If you want the sharename to
point to a subdirectory below the root, give that sharename a path that
includes each subdirectory, down to the level where you want the user to
connect to the shared disc.  When a connection is made to this sharename,
the user can create and access lower subdirectories, but cannot see or
access any higher subdirectories.

Here is an example of a sharename path:

\USRACCT\USRGROUP\SUBDIR1\SUBDIR2\USERDIR

With this path, the sharename connects directly to the USERDIR
subdirectory.  A user of this sharename cannot access any files in the
root directory \USRACCT\USRGROUP, or in SUBDIR1 or SUBDIR2.

Shared Disc Permissions 

Permissions associated with sharenames can also be used to secure the
integrity of shared disc files.  The permissions that can be assigned to
individual shares are:

   *   R (Read)

   *   W (Write)

   *   C (Create)

The default is all three permissions, RWC. R and RW also allow useful
work.

Create permission does not mean that the user can create a new file.
Rather, it allows the user to create a directory entry for the file.  It
takes Write permission to actually write data in the file.  Since most PC
applications do some reading from the file, the combination WC is usually
not a valid permission.

Permissions are not applied to individual files, but are associated with
the sharename.  When a PC user uses a particular sharename to connect to
the disc, that user has all the permissions granted to that sharename.
This allows you to give one person RWC permissions to access shared disc
files and another person Read only permission to those same files.  In
this example, both sharenames have the same path but different
permissions.
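
The share-path and permission rules above can be modelled in a few lines. This is an added example, not HP code: the Share record, the operation names and the sample sharenames STAFF and VIEWER are assumptions, and rejecting "." and ".." components is a choice of this model, not documented Resource Sharing behavior.

```python
from dataclasses import dataclass

# Permission letters each operation needs, following the text: Create only
# adds a directory entry; putting data in the file needs Write as well.
REQUIRED = {
    "read": {"R"},
    "write": {"W"},
    "create_entry": {"C"},
    "create_and_write": {"C", "W"},
}

@dataclass(frozen=True)
class Share:
    name: str            # sharename (hypothetical sample values below)
    path: str            # complete path, starting at the root \ACCOUNT\GROUP
    perms: str = "RWC"   # the default is all three permissions

def parts(path):
    """Split a backslash-separated path into upper-cased components."""
    return [p.upper() for p in path.split("\\") if p]

def visible(share, target):
    """True if target lies at or below the directory the sharename points to."""
    root, tgt = parts(share.path), parts(target)
    if "." in tgt or ".." in tgt:
        return False     # model assumption: never resolve upward references
    return tgt[:len(root)] == root

def allowed(share, op, target):
    """An operation passes only if the target is visible and perms cover it."""
    return visible(share, target) and REQUIRED[op] <= set(share.perms.upper())

# Constructed sample: two sharenames, same path, different permissions.
USERDIR = r"\USRACCT\USRGROUP\SUBDIR1\SUBDIR2\USERDIR"
STAFF = Share("STAFF", USERDIR, "RWC")
VIEWER = Share("VIEWER", USERDIR, "R")

if __name__ == "__main__":
    for share in (STAFF, VIEWER):
        for op in REQUIRED:
            print(share.name, op, allowed(share, op, USERDIR + r"\NEW.TXT"))
    print("above share root:", visible(STAFF, r"\USRACCT\USRGROUP\SUBDIR1\A.TXT"))
```
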

As a general rule, group files together where a particular user or group
of users need Write permission on a single shared disc.  Then, carefully
consider which permissions should be assigned to which users of each
shared disc.  Use HP 3000 accounting structures that will support the
shared disc access your users need.


CAUTION  Use extreme care before allowing multiple users to modify data,
         because file and record locking capabilities are totally
         dependent upon the application.  Carefully analyze the file
         and/or record locking features of each networked application
         accessing the data before allowing multiple users to have
         simultaneous write access to files on a shared disc.

         All groups in the SYS or HPOFFICE accounts are designated for
         specific purposes.  Do not create a shared disc in any group of
         either the SYS or HPOFFICE accounts.

In cases where a user needs private access to a shared disc, you can
create a shared disc in a group that is normally used only by the user
who needs it.  Give that group a password for additional security.

Share Passwords

Access to shared discs can be protected by a password associated with the
sharename.

To check share passwords, use the Resource Manager Utility (RESMGR). See
"Displaying the Share Status" in Chapter 9.

To change share passwords or add them at a later time, use RESMGR. See
"Modifying Share Parameters" in Chapter 9.  Change or add the passwords
for any automated uses, as described in your PC network configuration
manual.
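
One way to review a set of share definitions against the guidance on this page (reserved accounts, the WC combination, missing share passwords, overlapping write access). This is an added example, not part of the HP manual or of RESMGR; the record layout and the sample sharenames are constructed.

```python
RESERVED_ACCOUNTS = {"SYS", "HPOFFICE"}   # accounts the page says to avoid

def parts(path):
    """Split a backslash-separated share path into upper-cased components."""
    return [p.upper() for p in path.split("\\") if p]

def overlaps(a, b):
    """True if one path equals the other or contains it."""
    n = min(len(a), len(b))
    return a[:n] == b[:n]

def audit(shares):
    """Return sorted (sharename, finding) pairs for a list of share records."""
    findings = []
    for s in shares:
        perms, path = set(s["perms"].upper()), parts(s["path"])
        if path and path[0] in RESERVED_ACCOUNTS:
            findings.append((s["name"], "shared disc in SYS or HPOFFICE account"))
        if "W" in perms and "R" not in perms:
            findings.append((s["name"], "write without read is usually not valid"))
        if not s.get("has_password"):
            findings.append((s["name"], "no share password"))
        if "W" in perms:
            # Heuristic: two write-capable sharenames reaching the same files.
            others = sorted(o["name"] for o in shares
                            if o is not s and "W" in o["perms"].upper()
                            and overlaps(path, parts(o["path"])))
            if others:
                findings.append((s["name"], "write access overlaps "
                                 + ",".join(others) + ": check application locking"))
    return sorted(findings)

# Constructed sample records (assumed layout, not RESMGR output).
SAMPLE = [
    {"name": "LEDGER",  "path": r"\FINANCE\BOOKS",       "perms": "RWC", "has_password": True},
    {"name": "LEDGERV", "path": r"\FINANCE\BOOKS",       "perms": "R",   "has_password": True},
    {"name": "CLERK",   "path": r"\FINANCE\BOOKS\ENTRY", "perms": "RW",  "has_password": False},
    {"name": "DROP",    "path": r"\USRACCT\USRGROUP\IN", "perms": "WC",  "has_password": True},
    {"name": "TOOLS",   "path": r"\SYS\PUB",             "perms": "R",   "has_password": True},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name:8} {finding}")
```

A single write-capable sharename used by several people raises the same locking question; the share definitions alone cannot show that.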

