Essentials Security

Essentials provides two levels of security:

Server security that is partially implemented by the server components of Essentials and by the system administrator.
Application security implemented by the client and server components of the Essentials applications

This appendix describes both of these security levels.

Server Security

There are two aspects of Essentials server security:

Security imposed by the server components
Security imposed by the system administrator

Essentials uses the security mechanisms of the UNIX system to protect the code and data files that reside on the server.

Server-Imposed Security

The Essentials server provides the following security mechanisms:

Files, File Ownership, and Permissions---Essentials must be installed by a user with root privilege and is installed as the user bin. All files and directories are owned by bin with group also equal to bin. Temporary files are created as the user bin with permissions set to read-write for the user bin and read for members of group bin. The only exception to this rule is the log files created by the Essentials web server. The Essentials web server must be started as root; therefore, its log files are owned by the user root with group equal to other.

: All back-end processes are executed with a umask value of 027, which means that all files created by these programs are created with permissions equal to rwxr-x, with an owner and group of the user ID and group of the program that created it. Typically this will be bin and bin.

Runtime ---Typically Essentials backends are executed with permissions set to the user id of the binary file (for example, if an executable file is owned by user "Joe," it will be executed by the Essentials daemon manager under the user ID of "Joe"). The exception is the root user ID. To prevent a potentially harmful program from being executed by the Daemon Manager with root permissions, the Daemon Manager will execute only a limited set of Essentials programs that need root privilege. This list is not documented to preclude any user from trying to impersonate these programs.

: Essentials foreground processes (typically cgi-bin programs written in perl) are executed under the control of the web server's children processes, which all run as the user bin.

Off -machine connectivity---The Essentials Daemon Manager will not respond to requests to start, stop, register, or show status for Essentials back-end processes from computers other than the Essentials server.

Because the UNIX user bin is not a user id that is typically enabled for login, the UNIX system administrator can more easily protect the Essentials data and program files.

System Administrator-Imposed Security

To maximize Essentials server security, follow these system administration guidelines:

Do not allow users who are not responsible for managing the network to have a login on the Essentials server.
Do not allow the Essentials server file systems to be mounted remotely with NFS or any other file-sharing protocol.
Limit remote access (for example, FTP, RCP, RSH) to the Essentials server to those users who are permitted to log in to the Essentials server.

Essentials provides application-level security that allows the Essentials administrator to dictate which applications an Essentials user can access. Essentials provides this security through a set of five built-in roles:

Help Desk
Approver
Network Operations
Network Administration
System Administration

Each role allows access to a predetermined set of applications, tools, and product features. Refer to the "Getting Started" section of the Essentials online help for a detailed chart showing the relationship of user role to application functionality.

When you create an Essentials login (every Essentials user must log in to the application to use its features), you assign one or more roles to the login. The role or combination of roles dictates which Essentials applications are available to the user in the Essentials navigation tree (refer to the "Setting Up Essentials" chapter for an explanation of the navigation tree).

Only the system administrator user can assign roles to Essentials logins. Essentials users can use the administrative tools to change their own password or other aspects of their login.

Essentials comes with two predefined logins:

guest (no password required, user role = Help Desk)
admin (password = admin, user role = super user)

Note The login named admin is the equivalent of the superuser login for Essentials. This login provides access to all Essentials tasks.

We recommended that you change the passwords for these predefined logins immediately after installation. Unless you want to allow everyone read-only access to Essentials, change the guest login password to something other than the default null string.

To prevent anyone from typing a full path to an Essentials URL to avoid the security system, Essentials applications will run only in the presence of an authenticated session between the server and client. The session is authenticated as a part of the login process so attempting to avoid the login by entering a URL will fail and the user will be returned to the Essentials Login Manager dialog box. The Essentials desktop terminates a login session after a period of no use. After termination, attempting to perform any operation returns the user to the Login Manager dialog box.

Table of Contents