Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Configuration Management: HP-UX 11i Version 3 > Chapter 4 Configuring Users and Groups

Configuring System and User Security

» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

Configuring System Default Security Attributes

  1. Start HP SMH:

    • Using the web-based version of the HP SMH:

      1. Use the URL: http://your_system:2301 to start the web-based interface in your browser.

      2. Log in using the user name and password of an account with the appropriate privleges (usually root)

    • Using the text-based interface:

      1. Enter the command: /usr/sbin/secweb -t to start the text-based interface.

  2. Navigate to the System Defaults page:

    • Using the web-based version of the HP SMH:

      Select Tools → Auditing and Security Attributes Configuration(web-based) → System Defaults

    • Using the text-based interface:

      Press c to select Security Attributes Configuration. Then press s to select System Defaults.

  3. In the text-based version of the interface, the table in Figure 4-1 is displayed. It shows each attribute's name, its default value, and its current setting. The individual attributes are described in the security(4) manpage.

    In the web-based version of the interface, a similar list is displayed.

    Figure 4-1 Security Attributes Configuration: System Defaults

    ------------------------------------------------------------ Attribute                          Default         Value ============================================================ ABORT_LOGIN_ON_MISSING_HOMEDIR     0               <default> ALLOW_NULL_PASSWORD                1               <default> AUDIT_FLAG                         1               <default> AUTH_MAXTRIES                      0               <default> BOOT_AUTH                          0               <default> BOOT_USERS                         root            <default> DISPLAY_LAST_LOGIN                 1               <default> INACTIVITY_MAXDAYS                 0               <default> LOGIN_TIMES                        Any             <default> MIN_PASSWORD_LENGTH                6               <default> NOLOGIN                            0               <default> NUMBER_OF_LOGINS_ALLOWED           0               <default> PASSWORD_HISTORY_DEPTH             1               <default> PASSWORD_MIN_LOWER_CASE_CHARS      0               <default> PASSWORD_MIN_UPPER_CASE_CHARS      0               <default> PASSWORD_MIN_DIGIT_CHARS           0               <default> PASSWORD_MIN_SPECIAL_CHARS         0               <default> PASSWORD_MAXDAYS                   -1              <default> PASSWORD_MINDAYS                   0               <default> PASSWORD_WARNDAYS                  0               <default> SU_DEFAULT_PATH                    {null}          <default> SU_KEEP_ENV_VARS                   {null}          <default> SU_ROOT_GROUP                      {null}          <default> UMASK                              0               <default>
  4. To view more information about an attribute:

    • Using the web-based version of the HP SMH:

      Click on the attribute you want information about. Details will be displayed at the bottom of your browser window.

    • Using the text-based interface:

      Highlight the attribute and press Enter. For example, for the NOLOGIN attribute, the screen would show:

      Attribute         NOLOGIN Description       Can /etc/nologin be used to disable non-root logins? (0=No 1=Yes) Min Value         0 Max Value         1 Default           0 Value             0
  5. To modify the value:

    • Using the web-based version of the HP SMH:

      With the desired attribute highlighted (you clicked on it), select » Modify System Value ... on the right-hand side of the display.

      A new page will be displayed with the description and current value for the attribute.

      Enter a new value for the attribute and click on the Modify button at the bottom of the display.

      NOTE: To preview what command will be executed by HP SMH before you click on Modify, you can click on Preview.
    • Using the text-based interface:

      press m. For NOLOGIN, the screen would show (slightly condensed):

      Modify the system value by entering a valid value as specified in security(4) man page. Enter default to reset the system value to the default value. Note: The HP-UX Security Attributes Configuration Tool only checks for valid ranges. It does not perform any checks to ensure the correctness of the value entered. Attribute       :  NOLOGIN Description     :  Can /etc/nologin be used to disable non-root logins? (0=No 1=Yes) Range           :  0...1 Default         :  0 System Value    :  0__________________ [ Modify ] [ Preview ] [ Cancel ] [ Help ]

      Enter an appropriate value for System Value. To choose the default value, enter default.

      (Optional) Select Preview to see the commands that will change the value. Press OK to continue.

      Select Modify to change the value or Cancel to quit the process.

Configuring User Security Attributes

NOTE: You can also access this procedure from the Accounts for Users and Groups function. On the Local Users or NIS Users screen, highlight an account and press s, Modify Security Attributes. Then continue below with Step 4.
  1. Start HP SMH, as described in “Starting Text-Based HP SMH”.

  2. Press c to select Security Attributes Configuration.

  3. Press l to select Local Users or n to select NIS Users. A list of users is displayed. The User Values column indicates whether any user values have been specified for the user.

    Displaying Local Users Name User Id User Values ====================================== adm 4 no allanp 1834 no anewuser 111 yes bin 2 no
  4. Highlight a user and press Enter.

    The table in Figure 4-2 is displayed. It shows the attribute name, the current setting for the user (- means the system value), and the current system value. System defaults are marked with the word Default and the default value in parentheses, as in Default (1). The individual attributes are described in the security(4) manpage.

    Figure 4-2 Security Attributes Configuration: Local or NIS Users

    Attribute                          User Value      System Value =============================================================== ALLOW_NULL_PASSWORD                -               Default (1) AUDIT_FLAG                         -               0 AUTH_MAXTRIES                      -               Default (0) DISPLAY_LAST_LOGIN                 -               Default (1) INACTIVITY_MAXDAYS                 -               Default (0) LOGIN_TIMES                        -               Default (Any) MIN_PASSWORD_LENGTH                -               Default (6) NUMBER_OF_LOGINS_ALLOWED           -               Default (0) PASSWORD_HISTORY_DEPTH             -               Default (1) PASSWORD_MIN_LOWER_CASE_CHARS      -               Default (0) PASSWORD_MIN_UPPER_CASE_CHARS      -               Default (0) PASSWORD_MIN_DIGIT_CHARS           -               Default (0) PASSWORD_MIN_SPECIAL_CHARS         -               Default (0) PASSWORD_MAXDAYS                   -               Default (-1) PASSWORD_MINDAYS                   -               Default (0) PASSWORD_WARNDAYS                  -               45 UMASK                              -               Default (0)
    NOTE: INACTIVITY_MAXDAYS and PASSWORD_WARNDAYS are only displayed if the system is in Shadow Password mode.
  5. To see more detail for an attribute, highlight the attribute and press Enter. The additional data includes a description and the minimum and maximum values. Press Esc to return to the attribute list.

  6. To set or change the values for the user, press c, Configure Per User Exceptions. The Configuration screen is displayed. It includes all the attributes. The following is an abbreviated view:

    -------------------------------------------------------------------- Attribute Name                   [Range, System Value] (Description) -------------------------------------------------------------------- ALLOW_NULL_PASSWORD              [0...1  , 1 ]:  default____________ (Allow login with null password? (0=No 1=Yes)) ... UMASK                            [0...511, 0 ]:  default____________ (Default umask (leading zero denotes octal value)) [ Modify ] [ Preview ] [ Cancel ] [ Help ]
  7. Make the changes you want in the spaces provided.

  8. (Optional) Select Preview to see the commands that will modify the attributes. Press OK to continue.

  9. Select Modify to change the attributes or Cancel to quit the process.

  10. The changes from the default values are shown in the User Value column.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.