POSIX uses the SECOS component SRPM for the administration and access control of POSIX users.

If SECOS is not installed in your system, the relevant part of SRPM for POSIX is contained in the BS2000 basic configuration.

For more information on the BS2000 administration of POSIX users, please refer to chapter “Administering POSIX users”.
Access control for users who want to connect to a BS2000 computer from a UNIX system by means of the rlogin command is described in section “Access from a character terminal”.

If SECOS is being used, the following options are also available for POSIX:

• Use of the POSIX-ADMINISTRATION privilege for selected user IDs (SRPM).

• Logging and analysis of security-relevant events which affect POSIX with SAT.
  In addition to the general options for monitoring user IDs, DMS file objects, and events, the following events are defined specifically for POSIX:

  • JFK event: create POSIX task

  • UPA event: /MODIFY-POSIX-USER-ATTRIBUTES command

  • UPD event: / MODIFY-POSIX-USER-DEFAULTS command

  The security-relevant events of privilege administration - for example, assign the POSIX-ADMINISTRATION privilege - are always logged with SAT.

• Logging of approx. 50 security-relevant POSIX events, grouped according to:

  • File access (POSIX-FILE-and-Directory)

  • Process attributes (POSIX-Process)

  • Fork (POSIX-CHILD-Process)

  • Semaphore, shared memory (POSIX-SYSTEM-Resources)

• Individual system access classes for global POSIX services (rlogin, rcp, ...).

• POSIX batch processes are subject to a check by SECOS. Changing the user ID can be permitted or forbidden by SECOS (for each ID).

See the SECOS manuals [9] and [10] for more information.