Certain security options are enforced automatically under the following conditions:
-
The CLASS security option is equal to S1 or S2.
-
The S1RESTRICTIONS security option is equal to TRUE.
-
The S2RESTRICTIONS security option is equal to TRUE.
These options impose predefined values on other security options.
Only one of the AUTHBYPUBLICKEY and AUTHBYPASSWORD options can be set as REQUIRED. Setting AUTHBYPUBLICKEY or AUTHBYPASSWORD to REQUIRED changes the other option to DISABLED.
CLASS Security Option
CLASS Security Option Values lists the values for the CLASS security option.
Table 1. CLASS Security Option Values
|
Value |
Purpose |
|---|---|
|
U |
Resets existing security options to their default value, except for the *Not Changed options in CLASS Security Option Results (Value U), which retain their existing value. Only changes to the preceding options and the CLASS security option are permitted when the security class has the value U. You can still assign values to individual CANDE options with the appropriate CANDE operations commands. |
|
S0 |
Causes the other security options to take effect. These options retain the values they had before CLASS was set to S0. You can change any of these values as you choose. When CLASS is set to S0, the CANDE NOCOMSCTRL option can no longer be changed, and behaves as if its value were TRUE. |
|
S1 |
Applies values to certain options, which are then unchangeable. CLASS Security Option Results (Value U) and CLASS Security Option Results (Values S0 – S2) include the effect that setting CLASS to S1 has on the security options. |
|
S2 |
Applies values to certain options, which are then unchangeable. CLASS Security Option Results (Value U) and CLASS Security Option Results (Values S0 – S2) include the effect that setting CLASS to S2 has on the security options. |
CLASS Security Option Results (Value U) and CLASS Security Option Results (Values S0 – S2) list the values of the various CLASS settings impose on other security options.
When the system imposes a value on a security option as a result of the current CLASS security option setting, it assigns the default value of that option. As noted under CLASS Security Option Results (Value U) and CLASS Security Option Results (Values S0 – S2), you can change the setting of certain security options to non-default values. For more information, see Security Option Values Set Explicitly.
| Note: | Security options that are unaffected when the CLASS security option setting is changed are not listed in CLASS Security Option Results (Value U) and CLASS Security Option Results (Values S0 – S2). |
Table 2. CLASS Security Option Results (Value U)
|
Security Option |
Value (U) |
|---|---|
|
ANONACCOUNTING |
OK |
|
CANDE options |
FALSE** |
|
CANDE LAISSEZFILE |
0** |
|
CASESENSITIVEPW |
FALSE* |
|
CODEVERIFYCHECK |
NONE |
|
CODEVERIFYGEN |
NONE |
|
CRSCASSIGN |
OK |
|
DIRECTLP |
OK |
|
DISKSCRUB |
FALSE |
|
DMALGOLUNSAFE |
FALSE |
|
ERASE |
ZEROS* |
|
LIMITCOMSUTIL |
FALSE |
|
LIMITREMOTESPO |
FALSE |
|
MCPSQL |
Not |
|
MFA |
DISABLED |
|
MODIFYGUARDFILE |
OK |
|
NOCOPYONTO |
FALSE |
|
NONPRIVUNITNO |
OK |
|
NONUSERFILES |
PUBLIC |
|
NOSUPERUSER |
FALSE |
|
ONC RPC AUTHVALIDATION |
CONDITIONAL |
|
PASSWORDCHANGE |
DISABLED |
|
PASSWORDMGMT |
MINIMAL |
|
PASSWORDS |
NOTRESTRICTED |
|
PROGDUMPFILTER |
FALSE |
|
S1RESTRICTIONS |
FALSE |
|
S2RESTRICTIONS |
FALSE |
|
SECUREPASSWORD |
FALSE |
|
SECURITYLABELS |
OK |
|
SLREPLACE |
FALSE |
|
SLTRANSFORMS |
FALSE |
|
SUMLOGFULL |
DISCARD |
|
SUMLOGSECURITY |
PUBLIC |
|
TADSWARN |
FALSE |
|
TAPECHECK |
NONE |
|
TAPESCRUB |
FALSE |
|
UDTIMESTAMPS |
FALSE* |
|
UNLABELEDTAPES |
OK |
|
USERCODEDBACKUP |
FALSE |
-
Values labeled with an asterisk (*) can be changed using Security Center's MCP Security Policy Management module, the SECOPT (Security Options) system command or the Menu-Assisted Resource Control (MARC) security configuration screens. See Security Option Values Set Explicitly for more information.
-
Values labeled with a double asterisk (**) must be changed using the CANDE control command.
Table 3. CLASS Security Option Results (Values S0 – S2)
|
Security Option |
Value (S0) |
Value (S1) |
Value (S2) |
|---|---|---|---|
|
ANONACCOUNTING |
OK* |
OK* |
NOTOK |
|
CANDE options |
FALSE* |
FALSE* |
FALSE* |
|
CANDE LAISSEZFILE |
0* |
0* |
0* |
|
CASESENSITIVEPW |
FALSE* |
FALSE* |
FALSE* |
|
CODEVERIFYCHECK |
Not Changed |
Not Changed |
Not Changed |
|
CODEVERIFYGEN |
Not Changed |
Not Changed |
Not Changed |
|
CRSCASSIGN |
OK* |
OK* |
NOTOK |
|
DIRECTLP |
OK* |
OK* |
NOTOK |
|
DISKSCRUB |
FALSE* |
FALSE* |
TRUE |
|
DMALGOLUNSAFE |
FALSE* |
TRUE |
TRUE |
|
ERASE |
ZEROS* |
ZEROS* |
ZEROS* |
|
LIMITCOMSUTIL |
FALSE* |
TRUE |
TRUE |
|
LIMITREMOTESPO |
FALSE* |
FALSE* |
TRUE |
|
MODIFYGUARDFILE |
OK* |
NOTOK |
NOTOK |
|
NOCOPYONTO |
FALSE* |
FALSE* |
TRUE |
|
NONPRIVUNITNO |
OK* |
OK* |
NOTOK |
|
NONUSERFILES |
PUBLIC* |
PRIVATE |
PRIVATE |
|
NOSUPERUSER |
FALSE* |
TRUE |
TRUE |
|
OLDDMSSECURITY |
FALSE* |
FALSE |
FALSE |
|
PASSWORDMGMT |
MINIMAL* |
MINIMAL* |
MINIMAL* |
|
PASSWORDS |
NOTREST* |
REQUIRE* |
ONEONLY |
|
PROGDUMPFILTER |
FALSE* |
TRUE |
TRUE |
|
S1RESTRICTIONS |
FALSE* |
TRUE |
TRUE |
|
S2RESTRICTIONS |
FALSE* |
FALSE* |
TRUE |
|
SECUREPASSWORD |
FALSE* |
TRUE |
TRUE |
|
SECURITYLABELS |
OK* |
OK* |
NOTOK |
|
SLREPLACE |
FALSE* |
TRUE |
TRUE |
|
SLTRANSFORMS |
FALSE* |
FALSE* |
TRUE |
|
SUMLOGFULL |
DISCARD* |
HALTLOAD* |
HALTLOAD* |
|
SUMLOGSECURITY |
PUBLIC* |
PUBLIC* |
PRIVATE |
|
TADSWARN |
FALSE* |
TRUE |
TRUE |
|
TAPECHECK |
NONE* |
AUTOMATIC |
AUTOMATIC |
|
TAPESCRUB |
FALSE* |
FALSE* |
FALSE* |
|
UDTIMESTAMPS |
FALSE* |
FALSE* |
FALSE* |
|
UNLABELEDTAPES |
OK* |
NOTOK |
NOTOK |
|
USERCODEDBACKUP |
FALSE* |
TRUE |
TRUE |
| Note: | Values labeled with an asterisk (*) can be changed using Security Center's MCP Security Policy Management module, the SECOPT (Security Options) system command or the Menu-Assisted Resource Control (MARC) security configuration screens. See Security Option Values Set Explicitly for more information. |
S1RESTRICTIONS and S2RESTRICTIONS Security Options
The security options S1RESTRICTIONS and S2RESTRICTIONS are either set or reset; that is, they have the values TRUE or FALSE. When set, they impose values on certain security options as listed in S1RESTRICTIONS and S2RESTRICTIONS Security Option Results.
Table 4. S1RESTRICTIONS and S2RESTRICTIONS Security Option Results
|
S1RESTRICTIONS |
S2RESTRICTIONS |
||
|---|---|---|---|
|
Security Option |
Value |
Security Option |
Value |
|
DMALGOLUNSAFE |
TRUE |
ANONACCOUNTING |
NOTOK |
|
LIMITCOMSCONTROL |
TRUE |
CRSCASSIGN |
NOTOK |
|
MODIFYGUARDFILE |
NOTOK |
DIRECTLP |
NOTOK |
|
NOSUPERUSER |
TRUE |
LIMITREMOTESPO |
TRUE |
|
ONC RPC AUTHVALIDATION |
UNCONDITIONAL |
NONPRIVUNITNO |
NOTOK |
|
PASSWORDS |
REQUIRED |
NOCOPYONTO |
TRUE |
|
SECUREPASSWORD |
TRUE |
PASSWORDS |
ONEONLY |
|
SLREPLACE |
TRUE |
SECURITYLABELS |
NOTOK |
|
TADSWARN |
TRUE |
SLTRANSFORMS |
TRUE |
|
UNLABELEDTAPES |
NOTOK |
SUMLOGSECURITY |
PRIVATE |
