HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

SRP login service to assign login authorization to an HP-UX user group for specific SRP
compartments. For more information about assigning login rights for compartments, see
compartment_login(5).
SRP Compartment Administrators and Login Group
The SRP admin service assigns a user with an RBAC role to administer a compartment. By
default, this user has the authorization to execute the startup and shutdown scripts for the
compartment. This role is intended for a user external to the SRP compartment who starts
up and shuts down the compartment.
By contrast, the login service assigns an HP-UX user group the RBAC authority to log in to the
compartment. The intention of the login group is to allow users internal (logged in) to the SRP
compartment to manage the applications hosted by the compartment.
NOTE: If you enable the compartment login feature with the default RBAC configuration but
do not assign a login group for an SRP compartment, only the root user will be able to log in
to the SRP compartment.
Planning Considerations
When you use the admin service with the base template, srp prompts for an HP-UX user name
for the SRP compartment administrator. This name must already exist in the user account database
(/etc/passwd). The default user name is root. If you want to create a different user for the
compartment administrator, use the useradd utility to add it to the system before configuring
the admin service.
When you use the login service with the base template, srp prompts for the HP-UX group
name that you want to allow compartment login access. This name must already exist in the
group database (/etc/group). The default group name is adm. If you want to create a different
group for the compartment login group, use the groupadd utility to add it to the system before
configuring the login service.
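A pre-flight check for the two prerequisites above, as an added example that is not part of the HP guide: it confirms that the planned administrator user and login group exist and lists the accounts in that group so you can review who would receive compartment login rights. The function names, the PASSWD_FILE and GROUP_FILE overrides, and the choice to count accounts whose primary GID matches the group are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check before configuring the SRP admin and login services.
# Defaults are the databases named in the guide; the overrides exist for testing (assumption).
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# Succeed if $1 is the name field of an entry in the passwd (or group) file.
user_exists() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$PASSWD_FILE"
}
group_exists() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$GROUP_FILE"
}

# Print the accounts in group $1, one per line, sorted and de-duplicated:
# names in the group's member list plus accounts whose primary GID is the group's GID.
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$GROUP_FILE")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$GROUP_FILE"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$PASSWD_FILE"
    } | sort -u
}

# preflight ADMIN_USER LOGIN_GROUP: return 0 only if both prerequisites are met.
preflight() {
    rc=0
    if ! user_exists "$1"; then
        echo "admin user '$1' not in $PASSWD_FILE; add it with useradd first" >&2
        rc=1
    fi
    if group_exists "$2"; then
        echo "accounts in login group '$2':"
        group_members "$2" | sed 's/^/  /'
    else
        echo "login group '$2' not in $GROUP_FILE; add it with groupadd first" >&2
        rc=1
    fi
    return $rc
}

# Run only when called with both arguments, e.g.: sh preflight.sh webadm adm
if [ $# -eq 2 ]; then preflight "$1" "$2"; fi
```

Review the listed accounts before accepting the default adm group, since every account in the login group is granted login authorization for the compartment.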
Compartment Home Directories (/var/hpsrp)
SRP creates a home directory for each compartment in the /var/hpsrp directory
(/var/hpsrp/compartment_name). Each compartment home directory contains subdirectories
that are intended to hold compartment-specific configuration and data files (for a list of the
subdirectories, see “Compartment Home Directory and Subdirectories” (page 36)).
For example, the provision service for the apache template configures Apache to use the
directory /var/hpsrp/compartment_name/opt/hpws/apache for Apache data by default.
You can also configure a compartment to use a specific version of application executables and
might choose to install or copy the executables under the compartment home directory.
Planning Considerations
Before creating SRP compartments, determine the data and executables you want to store under
the compartment home directories and how much disk space is required for these files. You
might want to increase the disk space allocated for /var.
Concurrent Access of System and Subsystem Configuration Files
SRP modifies the system and subsystem configuration files listed in “System and Subsystem
Files and Directories” (page 87). SRP uses a lock file to prevent multiple instances of the srp
utility from modifying these files. However, if another user manually edits these files, access
collisions can occur.