sseeccuurriittyy -- System Administration

Because COHERENT is  a multi-user, multi-tasking operating system which can
support users from remote terminals, steps must be taken to ensure that the
system is secure.  Sensitive information  that is stored on the system must
be protected from being read  or copied by unauthorized persons; files must
be  protected  against vandalization  by  intruders.   Unless a  reasonable
degree can be guaranteed, no  multi-user operating system can be trusted to
archive important information.

In one sense, it is easy  to achieve perfect security in a computer system.
As Grampp  and Morris  have noted,  ``It is easy  to run a  secure computer
system.  You merely disconnect all dial-up connections, put the machine and
its  terminals in  a shielded  room, and  post a guard  at the  door.'' For
practical uses,  however, security means  balancing ease of  access against
restrictiveness: users should have  easy access to what is properly theirs,
and should be barred from system facilities that do not belong to them.

The COHERENT system has the following tools to assist with security.

_P_a_s_s_w_o_r_d_s Every user account can  be ``locked'' with a password.  Each user
          can assign her own password, and the system administrator can set
          passwords for the superusers rroooott and bbiinn.

          Passwords should  be changed frequently.  A  password should have
          at least six characters, should _n_o_t be a common name or word, and
          preferably  should include  a  mixture of  upper- and  lower-case
          letters, to prevent decryption by brute-force methods.

          Passwords  should  be  guarded  jealously.   In  particular,  the
          password for the superuser rroooott should be kept secret, as she can
          read every file and execute every program throughout the system.

_P_e_r_m_i_s_s_i_o_n_s
          Execution of system-level  programs, such as mmoouunntt, is restricted
          to  the  superuser rroooott.  This  prevents  intruders from  seizing
          superuser permissions through unauthorized manipulation of system
          services.   Ordinary  users  are  also restricted  from  directly
          access system devices, for the same reason.

_E_n_c_r_y_p_t_i_o_n
          The  command ccrryypptt  performs rotary  encryption, similar  to that
          used  by   the  German   Enigma  machine.   Files   of  sensitive
          information should  be encrypted,  to protect them  against being
          read by  unauthorized persons.  Note that  encryption is the only
          true defense against unauthorized reading: not even the superuser
          can read an encrypted file unless she has the encryption key.

Many COHERENT  systems have only one  user and are not  networked; for such
installations, the normal level of security may be an annoyance.  Passwords
can  be turned  off by  using  the command  ppaasssswwdd to  set the  password to
<rreettuurrnn>. The  command cchhmmoodd  can be  used to widen  access to  devices and
system-level  utilities;   see  the  Lexicon  entry   for  cchhmmoodd  for  more
information on file access.

Security ultimately  is a system-wide responsibility.   To quote Grampp and
Morris, ``By far, the greatest security  hazard for a system ... is the set
of people  who use  it.  If the  people who use  a machine are  naive about
security issues, the machine will  be vulnerable regardless of what is done
by  the  local  management.   This  applies  particularly to  the  system's
administrators, but ordinary users should also take heed.''

_S_e_e _A_l_s_o
AAddmmiinniisstteerriinngg CCOOHHEERREENNTT, cchhmmoodd, ccrryypptt, llooggiinn, ppaasssswwdd

Grampp, F.T., Morris, R.H.:  UNIX operating system security.  _A_T&_T _B_e_l_l _L_a_b
_T_e_c_h _J 1984;8:1649-1672.
