A pathname that begins at the root directory; a pathname that
always begins with a slash (/).
For example,
/usr/games
is an absolute pathname.
Also called a full pathname.
The formal name of the ACL that is checked for access decisions on an object.
An optional extension of the traditional UNIX permission bits, which gives the user the ability to specify read, write, and execute permissions on a per user and per group basis.
See also Access ACL, Default ACLs
This document uses the term "administrator" in a generic sense to refer to any user involved in the security operation of the system.
An event that is monitored and reported by the audit subsystem. Events include system events, application events, and site-definable events. An event can be any command, system call, routine, or program that runs on the system.
An ID that is created at login time and that is inherited across all processes.
The recording, examining, and reviewing of security-related activities on a trusted system.
The traditional security that is delivered on BSD UNIX systems.
BASE security consists of user authentications based on the
/etc/passwd
file.
A nontrusted Tru64 UNIX system has BASE security.
A UNIX software release of the Computer System Research Group of the University of California at Berkeley -- the basis for some features of Tru64 UNIX.
The ACLs associated with directories. These two types of ACLs (default access ACL and default directory ACL) determine what ACLs are given to files and subdirectories created in a directory.
The traditional UNIX form of file permissions set with the
chmod
command.
The current user ID, but not necessarily the user's ID. For example, a user logged in under a login ID may change to another user's ID. The ID to which the user changes becomes the effective user ID until the user switches back to the original login ID.
Passwords with the enhanced attributes made available by the
enhanced security option.
Enhanced passwords are stored in the
prpasswd
file and are sometimes refered to as extended, protected,
or shadowed passwords.
The optional security feature that supplement BASE security. Enhanced security consists of enhanced password profiles.
See also enhanced passwords
The security integration architecture (SIA) uses the term entity to mean a user, program, or system that can be authenticated. The entity identifier is the user ID (UID).
A POSIX-compliant ASCII representation of an ACL used for presentation to the user.
See also IR (internal representation)
The Trusted Computer System Evaluation Criteria (TCSEC). The enhanced security features in the Tru64 UNIX system have been designed to meet this criteria.
A binary representation of an ACL used by the ACL library routines.
See also ER (external representation)
Any program that represents itself as a
login
program to steal a password.
For example, a spoofing program might print
the login banner on an unattended terminal and wait for input from the user.
The person responsible for the day-to-day maintenance of a system, including backups, line printer maintenance, and other routine maintenance tasks.
See also system administrator
A unique number assigned to a process that is running.
A unit of control of the operating system.
A process is always executing
one program, which can change when the current program invokes the
exec()
system call.
A process is considered trusted when its current
program is trusted.
See also program
A set of algorithms designed, compiled, and installed in an executable file for eventual execution by a process. A program is considered trusted when it upholds the security policies of the system.
See also process
The process ID of the parent or spawning process.
The login name for the superuser (system administrator).
The name applied to the topmost directory in the UNIX system's tree-like file structure; hence, the beginning of an absolute pathname. The root directory is represented in pathnames by an initial slash (/); a reference to the root directory itself consists of a single slash.
The basic file system, onto which all other file systems can be mounted. The root file system contains the operating system files that get the rest of the system to run.
The parameters used by the trusted computing base (TCB) to enforce security. Security attributes include the various user and group identities.
The Security Integration Architecture isolates the security-sensitive commands from the specific security mechanisms, thus eliminating the need to modify them for each new security mechanism.
See also vouching
Audit events that are created by application software (that is, not the operating system).
The system administrator is responsible for file system maintenance and repair, account creation, and other miscellaneous administrative duties.
The set of hardware, software, and firmware that together enforce the system's security policy. The Tru64 UNIX TCB includes the system hardware and firmware as delivered, the trusted Tru64 UNIX operating system, and the trusted commands and utilities that enforce the security policy. The operating system and other software distributed with the trusted Tru64 UNIX system satisfy security requirements.
See BASE security
Checks performed on passwords to prevent the use of easily guessed passwords. Triviality checks prevent the use of words found in the dictionary, user names, and variations of the user name as passwords.
Any program that when invoked by a user steals the user's data, corrupts the user's files, or otherwise creates a mechanism whereby the Trojan horse planter can gain access to the user's account. Viruses and worms can be types of Trojan horses.
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Viruses are designed with the object of damaging or destroying the "infected" programs or systems and are often programmed to become destructive at a specific time, such as the birthday of the virus's programmer.
See also Trojan horse , worm
A technique that allows a security mechanism to trust the authentication process of a previously run security mechanism. This feature is implemented by the Security Integration Architecture (SIA).
A computer program designed to insinuate itself into other programs or files in a system and then to replicate itself through any available means (disk file, network, and so forth) into other similar computers, from which it can attack yet more systems. Worms are designed with no serious intent to do damage, but they are harmful because they occupy resources intended for legitimate use.
See also Trojan horse , virus