User's Guide to MPE/iX Security: HP 3000 MPE/iX Computer Systems > Chapter 1 Introduction

Components of the Account Structure

The account structure consists of four components: accounts, groups, users, and files.
The system directory is the system's internal list of accounts, groups, users, and files. It keeps track of their characteristics and their relationships. Figure 1-1 “Account Relationships” illustrates the relationship between accounts, groups, and users. Accounts (TECHNLGY, MARKTING, SYS, for example) are shown horizontally, across the top of the diagram. Groups (RESEARCH, SALES, RECORDS, for example) are stacked vertically under their accounts. Users (KEVIN, CHARLES, DIANE, for example) appear under their home groups.

The solid black lines in Figure 1-1 “Account Relationships” indicate firm, primary relationships. Notice that all users have their strongest relationships with their accounts, and all groups have their strongest relationships with their accounts. The gray lines indicate less solid relationships; although users have a solid relationship with the account, they also have a convenience relationship with a home group. Users are most likely to work in and to have files stored in their home group.

Notice in Figure 1-1 “Account Relationships” the occasional odd spelling, like TECHNLGY and RECRUITG. All account, group, user, and file names must be eight characters or fewer in length.

Figure 1-2 “An Individual Account” shows the structure of an individual account. Not all accounts look like the one in Figure 1-2 “An Individual Account”, but most are similar. Every account has a name, a PUB (PUBLIC) group, and an account manager. When you first create an account, the account manager has the PUB group as a home group. The account manager is responsible for establishing the groups and users within the account.

In the example above, the group named RESEARCH is the home group for three users, ENGINRG is the home group of three users, and MFGENGG is the home group of three users. In each case, the users are likely to do their work in their home group.
Because the users' main relationship is to the account, they can log on to any group in the account if they know the group passwords. You can also create users who do not have a home group. These users can log on to any group, but must specify the desired group and its password when they log on.

When you do almost any kind of work with a computer, you work with files. Reports, spreadsheets, program listings, letters, management tools, and more all exist within the system in the form of files. The files belong to the groups in an account as shown in Figure 1-3 “Groups, Users, and Files”.

The system stores the files necessary for operating the computer. For example, utilities, system libraries, program subsystems, languages, compilers, user-defined commands, and the system itself are in the SYS (SYSTEM) account's PUB group. The PUB groups in other accounts contain files that the users of those accounts share. Files in other groups are usually the private files of that group's users.

Every system has standard accounts, groups, and users. Each system has a SYS (for system) account. It contains the operating system, shared programs, and files shared by the members of all accounts. Each account has a group named PUB (for public). The PUB group contains certain publicly accessible files. For example, the PUB group of the SYS account contains system programs available to all users. The user MANAGER is built in to the SYS account. MANAGER is the initial system manager.

Notice that each account, group, and user in Figure 1-3 “Groups, Users, and Files” has a name. Files also have names. An account, group, user, or file name must be eight characters or fewer in length. It must begin with an alphabetic character. Subsequent characters can be alphabetic or numeric. Account names must be unique, but notice that each account has a group named PUB. Group names need only be unique within an account.
Files must have unique names within a group, but two files in different groups might have the same name within an account. User names must be unique within an account, but two users in different accounts might have the same user name. For example, in Figure 1-1 “Account Relationships”, there is a user named BOB in both the FINANCE and MARKTING accounts. The system distinguishes between users with the same name by using both the user and account name as the user's fully qualified name. By convention, fully qualified user names take the form:
For example, the fully qualified name of the user BOB in the FINANCE account is BOB.FINANCE. The BOB in MARKTING has the full name BOB.MARKTING. The two BOBs may or may not be the same person, but to the system they are different users. When users log on to the system, they use their fully qualified names. For example:
Groups have fully qualified names that are similar to fully qualified user names. A fully qualified group name has the following form:
For example, the PUB group of the TECHNLGY account has the fully qualified name PUB.TECHNLGY. The PUB group of the SYS account has the fully qualified name of PUB.SYS. Think of the notation PUB.SYS as short for the PUB group of the SYS account. Fully qualified file names include the file's name, its group, and its account. A fully qualified file name has the following format:
For example, a file named "FILEA" in the "RESEARCH" group of the "TECHNLGY" account has the fully qualified name "FILEA.RESEARCH.TECHNLGY". A file's fully qualified name distinguishes it from any other file in the system. You can use a file's fully qualified name to access it from anywhere in the system (if you pass the file access restrictions).
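
The naming and uniqueness rules above, modeled as an added example (this is not code from the guide or from MPE/iX): a validator for fully qualified names and a toy directory that enforces the scope in which each name must be unique. The component order is taken from the examples BOB.FINANCE, PUB.TECHNLGY and FILEA.RESEARCH.TECHNLGY; the names parse_name and Directory are hypothetical, and case-insensitive comparison is an assumption of the example.

```python
import re

# One name component: 1-8 characters, first alphabetic, the rest alphanumeric.
NAME = re.compile(r"[A-Za-z][A-Za-z0-9]{0,7}")

# Component order of each fully qualified form, as in BOB.FINANCE,
# PUB.TECHNLGY and FILEA.RESEARCH.TECHNLGY.
FORMS = {
    "account": ("account",),
    "user": ("user", "account"),
    "group": ("group", "account"),
    "file": ("file", "group", "account"),
}

def parse_name(kind, text):
    """Validate a fully qualified name and return its components as a tuple."""
    parts = text.split(".")
    labels = FORMS[kind]
    if len(parts) != len(labels):
        raise ValueError(f"{kind} name needs {len(labels)} part(s): {text!r}")
    for label, part in zip(labels, parts):
        if not NAME.fullmatch(part):
            raise ValueError(f"bad {label} name {part!r} in {text!r}")
    # Assumption of this example: names compare case-insensitively (upshifted).
    return tuple(part.upper() for part in parts)

class Directory:
    """Toy system directory enforcing the uniqueness scopes described above."""

    def __init__(self):
        self.entries = set()  # {(kind, fully qualified components)}

    def add(self, kind, text):
        name = parse_name(kind, text)
        if (kind, name) in self.entries:
            raise ValueError(f"{kind} {text!r} already exists in its scope")
        # The enclosing scope must exist: the account of a user or group,
        # the group (within its account) of a file.
        if kind in ("user", "group") and ("account", name[1:]) not in self.entries:
            raise ValueError(f"no such account for {text!r}")
        if kind == "file" and ("group", name[1:]) not in self.entries:
            raise ValueError(f"no such group for {text!r}")
        self.entries.add((kind, name))
        if kind == "account":  # every account has a PUB group
            self.entries.add(("group", ("PUB",) + name))
        return name
```

Because the directory keys every entry on its fully qualified components, BOB.FINANCE and BOB.MARKTING are stored as two distinct principals, while a second BOB.FINANCE is rejected.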