HP-UX Containers (SRP) A.03.00 Administrator's Guide
49
8 Using the srp_su command
The srp_su command executes the su(1) command in the specified container. It can be used to
login to a container or execute a single command before returning to the global view. You must
execute the srp_su command from within the global view.
The srp_su command has the following syntax:
srp_su container_name [su_arguments]
Where:
container_name Specifies the name of the target container.
su_arguments Specifies any valid su(1) arguments.
8.1 Allowing additional users to use the srp_su command
Only users with the hpux.srp.exec authorization are allowed to use the srp_su command. By
default, only the root user has this authorization for all containers on the system.
To allow additional users to use the srp_su command, you must create new RBAC roles, assign the
hpux.srp.exec authorization to the role, and assign the role to the additional users, as follows:
1. Create a new RBAC role per container:
# roleadm add newRole
2. Assign the hpux.srp.exec authorization to a container role:
# authadm assign newRole hpux.srp.exec "container_name"
3. Assign a role to each user:
# roleadm assign user_name newRole
NOTE: Repeat step 3 for each additional user.
In this example, the root user establishes a session as root in the target container. The root user
logs in to myContainer container from the global view:
# srp_su myContainer
To assign authorization to a non-root user to login to a container using the srp_su command, follow
these steps:
1. Create a new SRPSu-myContainer container role:
# roladm add SRPsu-myContainer
2. Assign the hpux.srp.exec authorization to a SRPsu-myContainer role for the
myContainer container:
# authadm assign SRPsu-myContainer hpux.srp.exec "myContainer"
3. Assign the SRPsu-myContainer role to user admin1:
# roleadm assign admin1 SRPsu-myContainer
To verify that the role was assigned to admin1 in the global view, change the user ID to admin1.