MPE Level Security [ HP DeskManager Administration ] MPE/iX 5.0 Documentation
HP DeskManager Administration
MPE Level Security
HP Desk consists of a suite of programs which reside in a group called
HPMAIL in the SYS account, and several data files which reside in various
groups in the HPOFFICE account. There is a list of HP Desk files in
Chapter 22.
The main reason for storing the programs in the SYS account is that it is
the only account that can be guaranteed to exist on any HP 3000 system
and to have the capabilities needed to run the programs.
Protecting Program and Data Files
The security of jobs held in the MAILJOB group and run under the HPOFFICE
account is maintained by the use of the Passedit and Mailstream programs.
Passedit is the program which allows the passwords for any HPOFFICE group
or user to be recorded (or changed) in a privileged file called
MAILRECS.MAILDB.HPOFFICE. Details of how to use the Passedit program can
be found in Chapter 15.
Mailstream is the job streamer program. It streams those jobs held in
MAILJOB and run under HPOFFICE. When someone issues an operator command,
say MAILMAINT, the Mailstream program looks in MAILRECS.MAILDB.HPOFFICE
to see if there are any passwords on the groups and users accessed by any
of the jobs it is about to stream. Wherever a password is required and
has not been specified, the Mailstream program automatically inserts
the correct password on the job line. The temporary file used to build
the submitted job is deleted once it has been streamed.
The practical outcome of this is that it is impossible for someone who
has gained unauthorized access to your HP Desk system to find out
sensitive group and account passwords by listing the job streams. This
is particularly important in the case of maintenance, load and unload
jobs which access the databases themselves.
Using the Passedit program, you can put passwords on:
* The HPOFFICE account.
* The MAILJOB, MAILDB, MAILLIB, HPMAIL, PUB, and HPLIBRY groups.
* The MGR, MAILMAN, and MAILTRCK users.
* The Local, Global and Native Databases.
It is strongly recommended that you put passwords on all of these. At
the least, you should put passwords on the MGR user, the HPOFFICE
account, and particularly the MAILDB group. These passwords should be
changed on a regular basis.
The Passedit program not only sets and changes passwords, it also lists
them. It is strongly recommended that you put a lockword on the Passedit
program to prevent unauthorized users from using this facility to find
out the passwords currently set on the HP Desk program and data files.
You might also want to move the second maintenance job
(MNTSTORE.MAILJOB.HPOFFICE) so that it doesn't run under MGR.HPOFFICE.
This job requires OP capabilities to run because it has to handle
privileged files. So at installation, MGR.HPOFFICE is given OP
capabilities. If you don't want this user to have such wide-ranging
capabilities, you can move the store job to another user and account
which already has these capabilities (OPERATOR.SYS for example).
Once you have moved the store job, you must edit the first two
Maintenance jobs to reflect the new group and account names. Comments
detailing which lines to change and why are included in the job stream.
NOTE: Do not attempt to alter the Maintenance jobs unless you have both
programming and MPE experience.
Protecting the Databases
As soon as you get your HP Desk system up and running, change the
existing database password because it is a standard password set by
Hewlett-Packard. Replace it with a password which is unique to your
computer using DBUTIL. Once you have changed the database password, make
sure that the next thing you do is let HP Desk know what the password is
using the Passedit program. If you forget to do this, the Transport
Manager, Slave Trucks, Master Trucks and so on will not be able to
operate.
All remote systems that are treated as DS Computers (rather than NS
computers) must be re-configured to change or add a password in the
HPOFFICE account or the MAILMAN user whenever you change these passwords
on your local machine. Notify the Administrators of all the other
computers which deliver mail to your system, so that the password is
configured correctly on each computer which connects to yours.
Since the databases reside in the MAILDB group of the HPOFFICE account,
anyone who knows, or finds out, the database passwords can access HP Desk
information using various utilities. There are a number of steps which
can be taken to prevent this:
* Firstly, both the Mailconfig and Mailutil programs should be
protected with lockwords. You can do this using the MPE RENAME
command.
* Secondly, use DBUTIL to deny access to the database from
subsystems like QUERY, for instance:
:HELLO MGR.HPOFFICE,MAILDB
:RUN DBUTIL.PUB.SYS
>>SET LOCAL SUBSYSTEMS = NONE
>>SET GLOBAL SUBSYSTEMS = NONE
>>EXIT
:BYE
* Set passwords on any third party database access programs.
The operator interface program requires exclusive access to some programs
in the HPMAIL group of the SYS account. LOCK access to this HPMAIL group
is necessary so that when the operator interface attempts access to a
program such as MAILROOM, it can determine whether or not that program is
currently in use. Ensure that LOCK access for HPMAIL.SYS is set to ANY.
If you do not know enough about MPE to do this, see your System Manager
for further details.
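As an added illustration of the lockword and LOCK-access steps described above (a constructed MPE/iX session, not taken from the manual), the following assumes the program files are named MAILCONFIG, MAILUTIL and PASSEDIT in HPMAIL.SYS, uses placeholder lockwords, and restates the non-LOCK access modes as an assumption about the group's existing settings:

```mpe
:COMMENT Constructed session (added example, not from the HP Desk manual).
:COMMENT Assumptions: the utilities are MAILCONFIG, MAILUTIL and PASSEDIT
:COMMENT in HPMAIL.SYS; LOCKWD1, LOCKWD2, LOCKWD3 are placeholder lockwords.
:HELLO MANAGER.SYS,HPMAIL
:COMMENT RENAME adds a lockword when the new name is given as file/lockword.
:RENAME MAILCONFIG, MAILCONFIG/LOCKWD1
:RENAME MAILUTIL, MAILUTIL/LOCKWD2
:RENAME PASSEDIT, PASSEDIT/LOCKWD3
:COMMENT From now on the lockword must be supplied to run the program, e.g.
:COMMENT   RUN PASSEDIT/LOCKWD3.HPMAIL.SYS
:COMMENT Give LOCK (L) access on HPMAIL.SYS to ANY so the operator interface
:COMMENT can test whether a program such as MAILROOM is already in use.
:COMMENT ACCESS= replaces the whole list, so the other modes are restated;
:COMMENT the W,A,S:AL part is an assumed value, check LISTGROUP first.
:ALTGROUP HPMAIL.SYS;ACCESS=(R,X,L:ANY;W,A,S:AL)
:COMMENT Verify that the group now shows L:ANY.
:LISTGROUP HPMAIL.SYS
:BYE
```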
Advice on Passwords
Make sure that the passwords used on your computer are unique. For
example, the password on the HPOFFICE account should not be the same for
all machines in your network.
Anyone who has either the database or MGR.HPOFFICE password has full
database access. In view of this, these passwords should be restricted,
monitored, and changed on a periodic basis.