Filter
Top Products
Chapter 10 247
Managing SNAplus2 from NetView
Using UCF
In this case, the ux-cancel command is ignored. No action is necessary.
This message can be displayed when the ux-cancel command is issued
after the previous command finishes but before the UNIX COMMAND
COMPLETED message is received.
UCF Security
Because the UCF enables a remote operator to issue commands on the
HP-UX computer and to receive output from these commands, it is
important to consider the security implications. For example, you need to
ensure that the operator cannot access private information or issue
HP-UX commands that can disrupt other users.
The SNAplus2 configuration includes a specific HP-UX system user
name as the UCF user; this must be a valid login ID on the SNAplus2
computer. All UCF commands run with this user's ID, and therefore with
the access permissions of this user.
It is intended that you use the normal security features provided by
HP-UX to restrict the commands the UCF user can access, in order to
permit only those commands you consider reasonable for use from UCF.
The following guidelines may be useful:
• The UCF user name should be one that is used solely for UCF; you
should not use an existing login that is also used for other purposes.
This makes it easier to define the privileges of this user to include
only those that are reasonable for UCF; it also enables you to identify
processes that were started using UCF.
• You may need to restrict the users and groups for which the UCF user
can change a user ID or group ID. In particular, the UCF user must
not be permitted to do the following:
• Become root or superuser.
• Use the group ID sna, which enables access to the snapadmin
program. (The functions of this program should be accessed using
SPCF, as described earlier in this chapter, instead of UCF.)