Administering systems

System security

As a system owner or administrator, one of your primary concerns is the integrity of information on the systems you control. The system employs the concept of ``file permissions'' to control access to information stored in files, and ``privileges'' to control the ability of users to execute system commands. Users who have been granted access to administrative commands or system files are said to be ``privileged'' users.

NOTE: Do not confuse privileges with authorizations, which assign access to SCOadmin managers.

File permissions are particularly important in the area of system administration, because unauthorized changes to system files and use of commands can adversely affect the productivity of users and the usability of the operating system. Therefore, you should not normally change permissions on system files.
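One way to notice unintended permission changes on system files is to record a baseline of mode and ownership and compare against it later. The script below is an added example, not part of the UnixWare documentation; the function names `snapshot_perms` and `perm_drift` and the sample tree are hypothetical, and it assumes only a POSIX shell with `find`, `ls`, `sort` and `awk`.

```shell
#!/bin/sh
# Added example: permission/ownership baseline for a directory of system files.
# Function names and the sample tree are hypothetical (constructed for the demo).

# Print "mode uid gid path" for every entry under DIR, one per line.
# The mode string from ls also shows setuid/setgid/sticky bits.
snapshot_perms() {
    find "$1" -print | sort | while IFS= read -r f; do
        ls -ldn "$f" | {
            read -r mode links uid gid rest
            printf '%s %s %s %s\n' "$mode" "$uid" "$gid" "$f"
        }
    done
}

# Print current entries under DIR that do not match BASELINE exactly:
# files whose mode or ownership changed, and files that are new.
perm_drift() {
    snapshot_perms "$2" | awk -v base="$1" '
        BEGIN { while ((getline line < base) > 0) known[line] = 1 }
        !($0 in known)'
}

# Demo on a constructed tree (not real system files).
demo() {
    tmp="${TMPDIR:-/tmp}/permdemo.$$"
    mkdir -p "$tmp/etc" || return 1
    : > "$tmp/etc/passwd"; : > "$tmp/etc/inittab"
    chmod 644 "$tmp/etc/passwd" "$tmp/etc/inittab"
    snapshot_perms "$tmp/etc" > "$tmp/baseline"
    chmod 666 "$tmp/etc/inittab"        # simulated unintended change
    perm_drift "$tmp/baseline" "$tmp/etc"
    rm -rf "$tmp"
}
demo
```

Keep the baseline file somewhere ordinary users cannot write, otherwise the comparison can be altered along with the files it describes.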

Some computer installations that require more stringent security may spread administrative responsibilities -- and thus privileges -- among several different users. UnixWare offers a method to assign roles (or commands) to users: a database called tfadmin(1M) (``trusted facility administration'') in which individual tasks are associated with isolated sets of privileges. A trusted facility database is set up automatically when your system is configured; if you are the first person to set up a login name on the system, your login will be recorded in the tfadmin database and all authorizations that control access to SCOadmin managers will be assigned to you. Later, however, you can add the logins of others to whom you want to assign permissions for specific tasks. By assigning task-specific authorizations in this database, you can avoid conferring on any one user the amount of authority that makes the root login so powerful.

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004