Essentials Security

Essentials provides two levels of security:

Server security that is partially implemented by the server components of Essentials and by the system administrator.
Application security implemented by the client and server components of the Essentials applications.

This appendix describes Essentials security, and contains the following sections:

Server Security

There are two aspects of Essentials server security:

Security imposed by the server components.
Security imposed by the system administrator.

Essentials uses the security mechanisms of the UNIX system to protect the code and data files that reside on the server.

Server-Imposed Security

The Essentials server provides the following security mechanisms:

Files, File Ownership, and Permissions---Essentials must be installed by a user with root privilege, and is installed as the user bin. All files and directories are owned by bin with group also equal to bin. Temporary files are created as the user bin with permissions set to read/write for the user bin and read for members of group bin.
The only exception to this rule is the log files created by the Essentials web server. The Essentials web server must be started as root; therefore its log files are owned by the user root with group equal to other.

: All backend processes are executed with a umask value of 027, which means that all files created by these programs are created with permissions equal to RWXR-X, with an owner and group of the user id and group of the program that created it. This will typically be bin and bin.

Runtime ---Essentials backends are typically executed with the permissions set to the user id of the binary file (for example, if an executable file is owned by user "Joe", it will be executed by the Essentials daemon manager under the user id of "Joe"). The exception to this rule is the root user id. To prevent a potentially harmful program from being executed by the daemon manager with root permissions, the daemon manager will only execute a limited set of Essentials programs that need root privilege as root. This list is not documented to preclude any user from trying to impersonate these programs.

: Essentials foreground processes (typically cgi-bin programs written in perl) are all executed under the control of the web server's children processes which all run as the user bin.

Off machine connectivity---The Essentials daemon manager will not respond to requests to start, stop, register, or show status for Essentials backend processes from computers other than the Essentials server.

Because the UNIX user bin is not a user id that is typically enabled for login, the UNIX system administrator can more easily protect the Essentials data and program files.

System Administrator-Imposed Security

To maximize the effectiveness of the Essentials server security, follow these UNIX system administration guidelines:

Do not allow users who are not responsible for managing the network to have a login on the Essentials server.
Do not allow the Essentials server file systems to be remotely mounted with NFS or any other file sharing protocol.
Limit remote access (for example, FTP, RCP, RSH) to the Essentials server to those users who are permitted to log in to the Essentials server.

Essentials provides application level security that allows the Essentials administrator to dictate which applications an Essentials user can access. Essentials provides this security through a set of five built-in roles:

Help Desk
Approver
Network Operations
Network Administration
System Administration

Each role allows access to a predetermined set of applications, tools and product features. Refer to the Essentials online help for a detailed chart showing the relationship of user role to application functionality.

When you create an Essentials login (every Essentials user must log in to the application to use its features), you assign one or more roles to the login. The role or combination of roles dictates which of the Essentials applications are available to the user in the Essentials navigation tree (refer to "Setting Up Essentials" for an explanation of the navigation tree).

Only the system administrator user can assign roles to Essentials logins. Essentials users can use the administrative tools to change their own password or other aspects of their login.

Essentials comes with two predefined logins:

guest (no password required, user role = Help Desk)
admin (password = admin, user role = super user)

Note The login named admin is the equivalent of the super user login for Essentials. This login provides access to all Essentials tasks.

It is highly recommended that you change all of the passwords for these predefined logins immediately after installation. Unless you want to allow everyone read-only access to Essentials, change the guest login password to something other than the default null string.

To prevent someone from typing a full path to an Essentials URL in an attempt to avoid the security system, Essentials applications will only run in the presence of an authenticated session between the server and client. The session is authenticated as a part of the login process so any attempt by a user to avoid the login by going directly to a URL will fail and the user will be returned to the Essentials Login Manager dialog box. The Essentials desktop terminates a login session after a period of no use. When this termination happens, the next operation that the user performs will return them to the Login Manager dialog box.

Table of Contents