Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP 9000 Computer Systems : Administering Your HP-UX Trusted System > Chapter 3 Practices that Enforce the Trustworthiness of the System

Root Use Guidelines
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Commands and system calls used only by the system administrator are reserved for the superuser. To protect the system, observe the following:

  • Restrict knowledge of the root password to the barest minimum number of people--one if possible. The root password should be held in strictest secrecy and changed periodically.

  • All root accounts should have PATH set (in .profile or .login) to some default that does not contain the current directory ("dot"). The following PATH is recommended: /bin:/usr/bin:/etc

  • Most system administration tasks should be performed by invoking SAM, because its menus restrict choices and thus reduces potential damage.

  • If the root user forgets the root password, reboot the system in single-user state, and reassign the password.

  • Superusers should construct at and cron jobs carefully. When at and cron are executed, the system searches the path set by root.

  • Set your file creation mask with a umask of 077 before creating a file. This restricts read and write permissions to the file owner by default.

  • Do not leave executables where they were developed. Restrict access to executables under development.



Privileged Groups
  		 


Chapter 4 Practices that Compromise the Trustworthiness of the System  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© Hewlett-Packard Development Company, L.P.