HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)

• Use the authadm command to verify the authorization information configured for the

compartment:

authadmlist list object=compartment_name

For the admin service, you should see the following entry:

SRPadmin-compartment_name: (hpux.SRPadmin.compartment_name,compartment_name)

For the login service, you should see the following entry:

SRPlogin-compartment_name: (hpux.security.compartment.login, compartment_name)

Alternatively, you can enter the following commands to view the authorization information:

authadm list operation=hpux.SRPadmin.compartment_name

authadm list operation=hpux.security.compartment.login \

object=compartment_name

• To verify the users and user groups assigned to the roles used by the compartment, enter

the following commands:

roleadm list role=SRPadmin-compartment_name

roleadm list role=SRPlogin-compartment_name

• To verify command privileges, view the /etc/rbac/cmd_priv file. If you configured the

init service for a compartment, you will see an entry authorizing execution of the srp_rc

script for an authorization granted to the compartment administrator as follows:

/opt/hpsrp/bin/util/srp_rc:dflt:(hpux.SRPadmin.compartment_name,*):0/0//:compartment_name:dflt:dflt

• You can also use the rbacdbchk utility to verify the contents of the RBAC database.

Verifying PRM Data

Use the prmlist and prmmonitor commands to verify that the PRM configuration data is

loaded for the group used by the SRP compartment (the default PRM group name is the SRP

compartment name).

For example, the prmlist -g -s command displays configuration information for PRM groups

(-g) and the PRM group for each Security Containment compartment (-s):

# prmlist -g -s

PRM configured from file: /etc/prmconf

File last modified: Tue Oct 14 12:57:58 2008

CPU CPU LCPU

PRM Group PRMID Entitlement Max Attr

__________________________________________________________________

EntDir 2 29.17% 80%

MktDB 65536 12.50%

MktWeb 3 21.88% 45%

OTHERS 1 21.88%

SRP2 4 14.58% 25%

Compartment Default PRM Group

__________________________________

EntDir EntDir

MktDB MktDB

MktWeb MktWeb

SRP2 SRP2

The prmmonitor utility displays statistics for each PRM group.

# prmmonitor

PRM configured from file: /etc/prmconf

File last modified: Tue Oct 14 12:57:58 2008

HP-UX habs B.11.31 U ia64 10/14/08

76 Verifying and Troubleshooting SRP