HP-UX Compartment Login Using Secure Shell (SSH)

* System-level security commands and authentication services require
* the following rule set
*/
perm read /etc/security.dsc
perm read /etc/pam.conf
perm read /etc/passwd
perm nsearch /etc/useracct
perm write /etc/useracct/utmpd_write
perm read, write /etc/utmp
perm read, write /etc/utmpx
perm read /sbin/sh
// To access incoming mail and news
perm nsearch /var/mail
perm nsearch /var/adm
// Read/write access is needed for all userdb files
perm nsearch, read, write /var/adm/userdb
/*
* To access user accounting information
* TIP: wtmps stores the user login/logout and accounting information.
*/
perm read, write /var/adm/wtmp
perm read, write /var/adm/wtmps
perm nsearch /var/empty
perm nsearch, read /var/news
/*
* The following rules are required to access the Password Cache Daemon's socket
* and process status files
*/
perm nsearch /var/spool
perm nsearch /var/spool/pwgr
perm write /var/spool/pwgr/daemon
perm read /var/spool/pwgr/status
/*
* The following rules are required to provide access to the pwgrd client's UNIX domain
* sockets.
*/
perm nsearch /var/spool/sockets
perm nsearch, create, unlink /var/spool/sockets/pwgr
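/* /var/tmp is preferred over /tmp because data stored in /var/tmp
* is more reliable than data in /tmp.
* NOTE(review): `all` is the broadest grant; if other compartments can also
* reach /var/tmp, files there are shared between them - confirm this is intended.
*/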
perm all /var/tmp
// To access the X server
perm read, write /var/X11
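// To create the sshd_<cmpt_name>.pid file
// NOTE(review): only pid-file creation is cited here, yet the rule grants `all` on
// /var/run; confirm whether a narrower grant (e.g. create/unlink/write) would suffice.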
perm all /var/run
}