Securing Virtual Partitions with HP-UX Role-Based Access Control
virtual partitions on a single box are administered by multiple root users who do not share a trust
relationship. For example, it might not be desirable for a root user on one virtual partition to reset
another virtual partition. In this scenario, the existing virtual partition management commands should be
supplemented to ensure that the administrative user on one virtual partition is not able to affect the
operation of other virtual partitions.
To prevent an administrator on one virtual partition from affecting other virtual partitions on the same
system, it is necessary to limit the administrator’s access to the virtual partition monitor through the
virtual partition commands. Note that this is already accomplished for non-root users by the traditional
HP-UX controls that limit access to the /dev/vpmon device.
There are two approaches to preventing an administrative user from accessing the monitor (and
therefore other virtual partition configurations):
1. Allow the administrator to log in as root and prevent the root account from accessing the monitor.
2. Require the administrator to log in as a non-root user, and selectively provide access to the root
account for particular administrative tasks.
The first approach is extremely difficult to achieve using the operating system itself (as opposed to the
monitor) because on most UNIX® systems the root user is all-powerful, and it is difficult to limit the
root account precisely.
This paper discusses how best to achieve the second approach, and the tools and configurations
needed to enable it. Specifically, on HP-UX 11i v2, the HP-UX RBAC feature built into the OS
facilitates this.