HP-UX System Administration Tasks: HP 9000 > Chapter 1 Setting Up a System

Controlling Access to Your System


You can control who has access to your system, its files, and its processes.

Controlling Login Access

Authorized users gain access to the system by supplying a valid user name (login name) and password. Each user is defined by an entry in the file /etc/passwd. Use SAM to add, remove, deactivate, reactivate, or modify a user account.

For additional information about passwords, refer to passwd(4) and passwd(1). To manually change user account entries, use the /usr/sbin/vipw command to edit /etc/passwd; see vipw(1M) for details.

Controlling File Access

Working groups, file permissions, and file ownership all determine who can access a given file.

Defining Working Groups

Users on your system can be divided into working groups so that files owned by members of a given group can be shared and yet remain protected from access by users who are not members of the group. A user's primary group membership number is included as one entry in the /etc/passwd file. Group information is defined in /etc/group and /etc/logingroup.

Users who are members of more than one group, as specified in /etc/group, can change their current group with the /usr/bin/newgrp command. You do not need to use the newgrp command if user groups are defined in /etc/logingroup. If you do not divide the users of your system into separate working groups, it is customary to set up one group (usually called users) and assign all users of your system to that group.

Use SAM to add, remove, or modify group membership.

To manually change group membership, edit /etc/group and optionally /etc/logingroup with a text editor, such as vi. Although you can enter a group-level password in /etc/group, it is not recommended. To avoid maintaining multiple files, you can link /etc/logingroup to /etc/group. For details on the /etc/group and /etc/logingroup files, refer to group(4).

There are special privileges that you can assign to a group of users using the /usr/sbin/setprivgrp command. For information, refer to setprivgrp(1), setprivgrp(2), getprivgrp(1), rtprio(1), rtprio(2), plock(2), shmctl(2), chown(1), chown(2), lockf(2), setuid(2), and setgid(2).

Setting File Access Permissions

The /usr/bin/chmod command changes the type of access (read, write, and execute privileges) for the file's owner, group members, or all others. Only the owner of a file (or the superuser) can change its read, write, and execute privileges. For details, see chmod(1).

By default, new files have read/write permission for everyone (-rw-rw-rw-) and new directories have read/write/execute permission for everyone (drwxrwxrwx). Default file permissions can be changed using the /usr/bin/umask command. For details, see umask(1).
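The effect of the umask on newly created files and directories can be seen directly. The following is an added example, not part of the original manual; the helper name created_mode and the umask values compared are chosen here for illustration. A umask of 000 reproduces the world-writable defaults described above, while 022 and 027 remove write access for group and others.

```shell
#!/bin/sh
# Report the mode a newly created file or directory receives under a umask.
# usage: created_mode <umask> <file|dir>
# (created_mode is a hypothetical helper name used only in this example.)
created_mode() {
    work=$(mktemp -d) || return 1
    (
        umask "$1"                  # subshell: the caller's umask is untouched
        if [ "$2" = dir ]; then
            mkdir "$work/new"       # directories start from rwxrwxrwx
        else
            : > "$work/new"         # files start from rw-rw-rw-
        fi
    )
    # Keep the first 10 characters of the ls mode field; this drops the
    # trailing ACL/context marker some systems append.
    ls -ld "$work/new" | awk '{ print substr($1, 1, 10) }'
    rm -rf "$work"
}

# Compare the permissive default with progressively tighter masks.
for mask in 000 022 027 077; do
    printf 'umask %s  file %s  dir %s\n' "$mask" \
        "$(created_mode "$mask" file)" "$(created_mode "$mask" dir)"
done
```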

Access control lists (ACLs) offer a finer degree of file protection than traditional file access permissions. With the /usr/bin/chacl command, you can use ACLs to allow or restrict file access for individual users, regardless of the groups to which those users belong. Only the owner of a file (or the superuser) can create ACLs with the chacl command. For additional ACL information, see lsacl(1), chacl(1), and acl(5), and Chapter 12, "Managing System Security" in this manual.

Setting Ownership for Files

The /usr/bin/chown command changes file ownership. To change the owner, you must own the file or have superuser privileges.

The /usr/bin/chgrp command changes file group ownership. To change the group, you must own the file or have superuser privileges.

For more information, refer to chown(1) and chgrp(1).

Controlling Usage and Processes with Run-Levels

A run-level is an HP-UX state of operation in which a specific set of processes is permitted to run. These processes and default run-levels are defined in the file /etc/inittab.

The run-levels are:

Run-level s

The operating mode system administrators use (often called "single-user state"). This mode ensures that no one else is on the system while you are performing system maintenance tasks. In this run-level, the only access to the system is through the system console by the user root. The only processes running on the system can be the shell on the system console, background daemon processes started by /sbin/rc, and processes that you invoke. Commands requiring an inactive system (such as /sbin/fsck) should be run in run-level s.

Run-level 1

Starts a subset of essential system processes; can also be used to perform system administration tasks.

Run-level 2

The operating mode typically called "multi-user state". This mode allows all users to access the system.

Run-level 3

For NFS servers. In this mode, NFS file systems can be exported, as required for NFS servers.

Run-level 4

For HP VUE users. In this mode, HP VUE is active.

The default run-level is usually run-level 3 or 4, depending on your system.

You can create new run-levels or change which processes can run at these predefined run-levels by adding a new entry or changing an existing entry in /etc/inittab. This file defines how you want the system to operate when in a specific run-level. Any user with write permission for /etc/inittab can create new run-levels or redefine existing run-levels. See inittab(4) for details.
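When reviewing /etc/inittab, it helps to list which entries are eligible at a given run-level and which lose their match when the run-level changes (the processes this page says are killed on a change). The following is an added example, not part of the original manual: it assumes the id:rstate:action:process field layout documented in inittab(4), and the sample file, its entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the inittab(4) layout: id:rstate:action:process
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real system's inittab
init:3:initdefault:
cons:123456:respawn:/usr/sbin/getty console console
sqnc::wait:/sbin/rc </dev/console >/dev/console 2>&1
nfsd:3:respawn:/opt/example/nfs_helper
vue:4:respawn:/opt/example/vue_login
EOF

# Print the default run-level (the rstate of the initdefault entry).
default_level() {
    awk -F: '!/^#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# Print the ids of entries eligible at run-level $2.
# An empty rstate field means the entry applies at every run-level.
entries_for_level() {
    awk -F: -v lvl="$2" '
        /^#/ || NF < 4 || $3 == "initdefault" { next }
        $2 == "" || index($2, lvl) > 0 { out = out sep $1; sep = " " }
        END { print out }' "$1"
}

# Print the ids of entries that match run-level $2 but not run-level $3,
# that is, the entries with no match once the system moves from $2 to $3.
stopped_on_change() {
    awk -F: -v from="$2" -v to="$3" '
        function on(rstate, lvl) { return rstate == "" || index(rstate, lvl) > 0 }
        /^#/ || NF < 4 || $3 == "initdefault" { next }
        on($2, from) && !on($2, to) { out = out sep $1; sep = " " }
        END { print out }' "$1"
}

echo "default run-level:  $(default_level "$SAMPLE")"
echo "eligible at 3:      $(entries_for_level "$SAMPLE" 3)"
echo "no match after 3->4: $(stopped_on_change "$SAMPLE" 3 4)"
echo "no match after 3->s: $(stopped_on_change "$SAMPLE" 3 s)"
```

Point the functions at a copy of the real /etc/inittab to review a system before changing its run-level.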

You can use SAM to shut down a system and change the current run-level to single-user state. Use the "Routine Tasks" and "System Shutdown" menus.

The superuser logged in at the system console can also change the current run-level with the /sbin/init command, as follows:

  1. Warn all users who are currently logged in. Whenever the run-level of the system is changed, any process that does not have a run-level entry matching the new run-level will be killed. There is a grace period of 20 seconds after an automatic warning signal is sent.

  2. To change to run-level s, use the command

    shutdown

    To change to a run-level other than run-level s, use the command

    init new_run-level

    See shutdown(1M) and init(1M) for details.

CAUTION:
  • Only use the shutdown command to change to run-level s (that is, do not specify /sbin/init s). The shutdown command safely brings your system to run-level s without leaving system resources in an unusable state. The shutdown command also allows you to specify a grace period to allow users to terminate their work before the system goes down. For example, to enter run-level s after allowing 30 seconds, enter:

    shutdown 30

    To shut down immediately, enter one of the following:

    shutdown now
    shutdown 0
  • Do not use run-level 0; this is a special run-level reserved for system installation.

For increased security, ensure that the permissions (and ownership) for the files /sbin/init and /etc/inittab are as follows:

-r-xr-xr-x    bin     bin        /sbin/init
-r--r--r--    bin     bin        /etc/inittab
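
The check above can be scripted so that drift is caught during routine audits. The following is an added example, not part of the original manual; the function names are chosen here, and the expected mode, owner and group values are the ones listed on this page. It reads the values from ls -ld and flags any write permission explicitly, since write access to either file lets a user redefine what runs at each run-level.

```shell
#!/bin/sh
# Print "mode owner group" for a path, taken from ls -ld output.
# Only the first 10 characters of the mode field are kept, which drops the
# trailing ACL/context marker some systems append.
file_triplet() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# Compare a path against an expected mode string, owner and group.
# usage: check_file <path> <mode> <owner> <group>
# Returns 0 on a match, 1 on a mismatch or a missing file.
check_file() {
    want="$2 $3 $4"
    have=$(file_triplet "$1")
    if [ -z "$have" ]; then
        echo "MISSING  $1"
        return 1
    elif [ "$have" = "$want" ]; then
        echo "OK       $1 ($have)"
        return 0
    fi
    echo "MISMATCH $1: have ($have), want ($want)"
    # Call out the dangerous case: write permission for owner, group or other.
    case $have in
        ??w*|?????w*|????????w*)
            echo "         $1 is writable; the listing on this page is read-only" ;;
    esac
    return 1
}

# Audit the two files named on this page against the values it lists.
audit_init_files() {
    rc=0
    check_file /sbin/init   -r-xr-xr-x bin bin || rc=1
    check_file /etc/inittab -r--r--r-- bin bin || rc=1
    return $rc
}

audit_init_files || true   # report only; do not abort a calling script
```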
© Hewlett-Packard Development Company, L.P.