Trusted System Administration

The administration of a C2-level HP-UX system is your responsibility as system administrator.

HP-UX generally supports two types of users:

HP-UX provides C2-level security in a multiuser environment. Users can authorize or restrict access to files they own. This is accomplished by means of a discretionary access control (DAC) policy which is enforced through Access Control Lists (ACLs) and traditional UNIX access controls specified using protection bits.

The superuser can customize SAM to meet specific system needs and needs of individual users. SAM supports separate operator and administrative functions by allowing the superuser to enable or disable access to specific task menus.

Administering an HP-UX system and its users is normally done using sam(1M), a menu-driven interface program.

System Administration Manager

HP's System Administration Manager, sam(1M), is included as part of the TCB in a C2-level trusted HP-UX system. SAM provides an easy-to-use interface for performing setup and other essential system administration tasks.

	NOTE: SAM can only be used in character mode in a trusted system.

By default, only the superuser can use sam(1M). The superuser may optionally set up a restricted sam(1M) to allow particular users to administer specific functional areas of sam(1M). The sam(1M) main menu is the list of functional areas. In addition, sam(1M) maintains a log of actions taken by system administrators including actions that change the system configuration.