HP-UX System Administrator's Guide: Overview HP-UX 11i v3 (B3921-90011, September 2010)

Directories: Who can search the contents of the directory, add files to, remove files from, or rename files in the directory, and who can cd to the directory.
There is a lot more to the topic of legacy Unix file ownership and privileges and there are other,
more powerful, mechanisms that allow you to carefully control and monitor who is accessing
the files and directories on your system. An entire volume of the HP-UX System Administrator’s
Guide is devoted to the topic of security. For extensive coverage of the topic of controlling access
to the files and directories of your system and other security related topics, see HP-UX System
Administrator’s Guide: Security Management.
Controlling Access to Data Using Security Containment Technologies
Traditional UNIX file access mechanisms are adequate for many basic installations, but today’s
security and privacy conscious world requires a lot more control over who has access to which
data.
With traditional security methods, a typical weak link in the mechanism is the superuser (or
root user). The term superuser refers to any account with a User ID (or any program or process
with an effective User ID) of “0” (zero). These special accounts allow anyone who has access to
them complete access to every local file on the entire server. Should the password for a superuser
account fall into the wrong hands, the security of the entire server becomes compromised.
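The guide defines a superuser as any account with a User ID of 0, not only the account named root. The following script is an added example, not code from the HP-UX guide: it parses a passwd(4)-format file and lists every UID-0 account, so an administrator can spot a second superuser account that should not be there. The sample entries (including the account name toor) are constructed for illustration.

```python
"""Audit a passwd(4)-style file for every account whose UID is 0.

Added example, not from the HP-UX guide. Any account with UID 0 is a
superuser, so the audit lists all UID-0 accounts, not only "root".
The sample lines below are constructed, not taken from a real system.
"""
import io

# Constructed sample in /etc/passwd format: name:passwd:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
toor:*:0:3:second uid-0 account:/:/sbin/sh
jsmith:*:104:20:J. Smith:/home/jsmith:/usr/bin/ksh
# comment line that should be ignored
malformed line without fields
"""


def parse_passwd(text):
    """Yield (name, uid, gid, shell) for each well-formed entry; skip junk."""
    for raw in io.StringIO(text):
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed: passwd entries have exactly seven fields
        name, _, uid, gid, _, _, shell = fields
        try:
            yield name, int(uid), int(gid), shell
        except ValueError:
            continue  # non-numeric uid/gid field


def superuser_accounts(text):
    """Return the names of every account whose UID is 0, in file order."""
    return [name for name, uid, _, _ in parse_passwd(text) if uid == 0]


def unexpected_superusers(text, expected=("root",)):
    """UID-0 accounts other than the ones the administrator expects."""
    return [n for n in superuser_accounts(text) if n not in expected]


if __name__ == "__main__":
    print("UID-0 accounts:", superuser_accounts(SAMPLE_PASSWD))
    print("unexpected:", unexpected_superusers(SAMPLE_PASSWD))
```

On a live HP-UX system the same check against the real file is a one-liner, `awk -F: '$3 == 0 {print $1}' /etc/passwd`; the script above adds the skipping of comment and malformed lines and the comparison against an expected list.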
In many installations, it is not desirable to give any one person access to every file on a server.
In particular, the role of system administrator might be sub-divided into more specific roles that
are assigned to different people. Others may need to administer specific applications, or a database
or other entity. Perhaps, for security reasons, it is desirable to give a person access to certain files
or capabilities only during certain hours of the day.
Technologies for Greater Access Control
HP-UX 11i version 3 has security technologies that, when used together, provide significantly greater access control of the data files and user privileges on your servers when HP-UX is running in Standard Mode:[6]
Compartments: Compartments isolate unrelated resources on a server to help prevent catastrophic damage to the server if one compartment is penetrated.
When configured in a compartment, an application has restricted access to resources (processes, binaries, data files, and communication channels used) outside its compartment. This restriction is enforced by the HP-UX kernel and cannot be overridden unless specifically configured to do so. If the application is compromised, it will not be able to damage other parts of the system because it is isolated by the compartment configuration.
Fine-Grained Privileges: Traditional UNIX privileges grant “all or nothing” administrative privileges based on the effective UID of the process that is running. If the process is running with effective UID=0, it is granted all privileges. With fine-grained privileges, processes are granted only the privileges needed for the task and, optionally, only for the time needed to complete the task. Applications that are privilege-aware can elevate their privilege to the required level for the operation and lower it after the operation completes.
Role-Based Access Control: Typically, UNIX system administration commands must be run by a superuser (root user). Similar to kernel level
6. These security technologies are also available in HP-UX 11i version 2. For more information on Standard Mode vs.
Trusted Mode, see “Protecting Against Unauthorized Access to Your Servers and Data” (page 104).
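To make the contrast between the all-or-nothing effective-UID check and privilege bracketing concrete, here is an added Python model. It is not the HP-UX privilege API and not code from the guide: a process holds a permitted set of privileges and raises one of them into its effective set only around the operation that needs it, then lowers it again. The Process class, the privilege names NETPRIVPORT and DACREAD, and the bind operation are assumptions made for the illustration.

```python
"""Model of fine-grained privilege bracketing versus all-or-nothing root.

Added example, not from the HP-UX guide and not the HP-UX privilege API.
It models the pattern the guide describes: a process may hold at most its
permitted set, and an operation succeeds only if the specific privilege is
effective at that moment. Privilege names are constructed for illustration.
"""
from contextlib import contextmanager


class PrivilegeError(PermissionError):
    pass


class Process:
    """Hypothetical process with a permitted set and an effective set."""

    def __init__(self, permitted, uid=1000):
        self.uid = uid
        self.permitted = frozenset(permitted)  # the most it may ever hold
        self.effective = set()                 # what is in force right now

    def has(self, priv):
        return priv in self.effective

    @contextmanager
    def raised(self, priv):
        """Raise one privilege for the duration of a block, then lower it."""
        if priv not in self.permitted:
            raise PrivilegeError(f"{priv} not in permitted set")
        was_effective = priv in self.effective
        self.effective.add(priv)
        try:
            yield
        finally:
            if not was_effective:
                self.effective.discard(priv)  # lower it again after the operation


def legacy_check(proc, required):
    """Traditional UNIX: effective UID 0 grants everything, anything else nothing."""
    return proc.uid == 0


def fine_grained_check(proc, required):
    """Fine-grained: the specific privilege must be effective right now."""
    return proc.has(required)


def bind_privileged_port(proc, check):
    """Constructed operation that needs the hypothetical NETPRIVPORT privilege."""
    if not check(proc, "NETPRIVPORT"):
        raise PrivilegeError("bind denied")
    return "bound"


def demo():
    """Run the scenarios and return what happened in each."""
    svc = Process(permitted={"NETPRIVPORT"})
    results = {}
    # Permitted but not raised: the privilege is not effective, so the bind is denied.
    try:
        bind_privileged_port(svc, fine_grained_check)
        results["unbracketed"] = "allowed"
    except PrivilegeError:
        results["unbracketed"] = "denied"
    # Bracketed: raised only around the operation that needs it.
    with svc.raised("NETPRIVPORT"):
        results["bracketed"] = bind_privileged_port(svc, fine_grained_check)
    results["after"] = sorted(svc.effective)  # lowered again once the block ends
    # A privilege outside the permitted set can never be raised.
    try:
        with svc.raised("DACREAD"):
            pass
        results["unpermitted"] = "allowed"
    except PrivilegeError:
        results["unpermitted"] = "denied"
    # Legacy model: a UID-0 process passes every check, whatever the operation.
    results["legacy_root"] = bind_privileged_port(Process(set(), uid=0), legacy_check)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:12s} {outcome}")
```

The point of the model is the two invariants a privilege-aware application maintains: the effective set never exceeds the permitted set, and a privilege is effective only inside the bracket around the operation that needs it, so a compromise outside that window finds nothing raised.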
72 Major Components of HP-UX