Best Practices for Deploying HP-UX Secure Resource Partitions (SRP) for SAP Whitepaper

5. In the rule file for the SRP compartment, change the “perm none” entry from

/sapmnt/<SID>/exe/saposcol

/usr/sap/hostctrl

6. Activate the change to the SRP compartment with the command “setrules”

7. Either start the SAPHOST agent by restarting the SAPOSCOL SRP compartment or by logging

in to the SAPOSCOL SRP compartment and calling “/usr/sap/hostctrl/exe/hostexecstart”.

If it is required to see the actual status in ST06 and accept the risk of one SAP system stopping

saposcol for all systems installed on this host, modify the include file for saposcol in the following

way:

 Add the entry “receive signal <SAP-compartment” in the SAPHOST rule file for each compartment

that requires execution rights for saposcol

 Delete the entry “perm none /usr/sap/hostctrl” in the respective SRP compartment rule files

 Set the new rules with the command “setrules”

Best practices for configuring SRP for upgrading an SAP system

The permissions for upgrading an SAP system to 7.01 or 7.10 or higher are the same as for running

an SAP system.

After upgrading to NetWeaver 7.10, where the new SAPHOST structure for monitoring the system is

used, the permissions and structure of the saposcol compartment have to be adapted. See SAP Note:

1031096 to determine how to setup the SAPHOST agent.

Note

If the target release is based on NetWeaver 7.00 or lower, other file

system permissions might be required. Adoption of the compartment rule

file might be necessary in this case; this particular setup was not tested in

the scenario presented here.