Discover Security Issues
========================

The Discover Monitor
====================

This process is responsible for:

. gathering file and disk data
. performing corrective actions (this may include running programs such as PUP, FUP, SQLCI etc.)
. maintaining Discover database files (including worksheets)
. processing commands received from a DCI process

The process must run under a user id that has Execute access to any program that it must run to perform actions specified by the system administrator. In particular, the following programs should be accessible:

PUP
    This is used during a scan to gather information about the free space on a disk.

    Note: If PUP cannot be made accessible for security reasons, Discover can be configured to use DSAP instead. However, DSAP has two drawbacks. It does not supply as much information as PUP (so space usage prediction is less accurate), and it runs more slowly than PUP.

FUP
    FUP is used to perform many file maintenance tasks, for example to reload key-sequenced files and to change extent allocations, security, file flags etc.

SQLCI
    SQLCI is used to perform many SQL table and index maintenance tasks, for example to change extent allocations, security, file flags etc.

BACKUP
    Files can be backed up to tape via the BACKUP and ARCHIVE actions if so specified in a worksheet disposition. The BACKUP program is used for this.

File Access
===========

The monitor process can be configured to take corrective actions such as changing file extent allocations, purging files etc. The monitor process must have the appropriate file access rights in order to perform these tasks. Usually, this means that the monitor must be run under a powerful user id (such as an application owner, or even the super id).

If more than one application is run on the same system, each owned by a different user, it may make sense to run more than one copy of Discover, each under a different user id. (In this case, each copy of Discover must be installed in a different subvolume.)

DCI Commands
============

DCI is the Discover Command Interpreter. It is used to:

. configure Discover,
. run reports,
. display status information,
. manipulate worksheets, etc.

Commands are classified as normal or restricted. Normal commands are available to any DCI user. They are used to perform tasks such as running reports, displaying status information etc. Restricted commands are only available to "administrators". They can be used to change configuration, perform actions etc.

By default, the only administrator is the user who started the Discover monitor program. All other users are only allowed to perform normal commands. Additional users can be defined as administrators using the DCVADMIN file. This is an edit file which can specify up to 64 users (or user groups) which are to be considered as administrators. The Discover monitor must have Read access to this file. The file must be secured so that only authorized users have Write access.

The following are the restricted commands:

. ADD VOLUME
. ADD WS
. ALTER VOLUME
. CLEAN
. DO
. DONT
. DELETE TASK
. DELETE VOLUME
. DELETE FILE HISTORY
. NEXTFILE
. SET
. EXIT
. SHUTDOWN

Worksheets
==========

There are special considerations for worksheets. The following worksheet commands are restricted to administrators: ADD WS, DO WS, DONT, DELETE TASK. The other commands are normal, that is they can be performed by regular users. However, all worksheet commands except ADD WS and ASSUME WS are subject to the security settings of the worksheet being accessed.

Every worksheet has the following security-related settings:

AUDIT
    This is set to ON if worksheet activities are to be audited.

OWNER
    This is the user id of the worksheet owner. By default this is the user who created the worksheet.

SECURITY
    This is a 4 character string which specifies Read, Write, Execute, and Purge access to the worksheet. Each access permission can take one of the values: A (All), G (Group), O (Owner), or - (super id). The default is OOOO.

Only the owner of a worksheet (or the super id) can change the security, or change the OWNER (that is, "give" the worksheet to another user).

The following table indicates which permission is required to perform each worksheet command:

Command Read Write Execute Purge
------- ---- ----- ------- -----
ADD FILE X
ALTER WS X
DELETE FILE X
DELETE TASK X
DELETE WS X
DISPOSE X
DO WS X
DONT X
INFO WS X
LIST WS X
NOTE X
SIGNOFF X
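The following is an added example, not part of the Discover documentation, that models the worksheet SECURITY string and ownership rules described above; it assumes user ids are (group, user) pairs, that the super id is (255, 255) and passes every check, and that the COMMAND_NEEDS mapping is an illustrative stand-in for the page's table.

```python
# Model of the 4-character worksheet SECURITY string: positions are
# Read, Write, Execute, Purge; each is A (all), G (owner's group),
# O (owner only) or - (super id only).
# ASSUMPTIONS (not from the page): user ids are (group, user) tuples,
# SUPER_ID is (255, 255) and always passes, and COMMAND_NEEDS is an
# illustrative mapping rather than the documented table.
SUPER_ID = (255, 255)
PERM_INDEX = {"R": 0, "W": 1, "E": 2, "P": 3}


def has_permission(security, owner, user, perm):
    """True if `user` holds permission `perm` ('R', 'W', 'E' or 'P') on a
    worksheet owned by `owner` with the given SECURITY string."""
    if len(security) != 4 or any(c not in "AGO-" for c in security):
        raise ValueError("SECURITY must be 4 characters from A, G, O, -")
    if user == SUPER_ID:           # assumed: super id bypasses the string
        return True
    setting = security[PERM_INDEX[perm]]
    if setting == "A":             # any user
        return True
    if setting == "G":             # same group as the owner
        return user[0] == owner[0]
    if setting == "O":             # the owner only
        return user == owner
    return False                   # "-": super id only


def can_change_security(owner, user):
    """Only the worksheet owner or the super id may alter SECURITY/OWNER."""
    return user == owner or user == SUPER_ID


# Illustrative (assumed) command -> permission mapping for the demo.
COMMAND_NEEDS = {"INFO WS": "R", "LIST WS": "R", "ADD FILE": "W",
                 "ALTER WS": "W", "NOTE": "W", "DO WS": "E",
                 "DISPOSE": "E", "DELETE WS": "P"}


def can_run(command, security, owner, user):
    """Apply the SECURITY check for the permission a command needs."""
    return has_permission(security, owner, user, COMMAND_NEEDS[command])


if __name__ == "__main__":
    owner = (10, 5)                                   # constructed ids
    print(can_run("LIST WS", "AGO-", owner, (20, 3)))    # Read is A
    print(can_run("DELETE WS", "AGO-", owner, owner))    # Purge is -
```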