HP-UX System Administrator's Guide: Overview

Controlling Access to Data Using Security Containment Technologies
Traditional UNIX file access mechanisms are adequate for many basic installations, but today's security- and privacy-conscious world requires far more control over who has access to which data.

With traditional security methods, a typical weak link in the mechanism is the superuser (or root user). The term superuser refers to any account with a User ID (or any program or process with an effective User ID) of 0 (zero). These special accounts give anyone who has access to them complete access to every local file on the entire server. Should the password for a superuser account fall into the wrong hands, the security of the entire server is compromised.

In many installations, it is not desirable to give any one person access to every file on a server. In particular, the role of system administrator might be subdivided into more specific roles that are assigned to different people. Others may need to administer specific applications, or a database or other entity. Perhaps, for security reasons, it is desirable to give a person access to certain files or capabilities only during certain hours of the day.
Technologies for Greater Access Control
HP-UX 11i version 3 has security technologies that, when used together, provide significantly greater access control of the data files and user privileges on your servers when HP-UX is running in Standard Mode: [6]
Compartments
Compartments isolate unrelated resources on a server to help prevent catastrophic damage to the server if one compartment is penetrated. When configured in a compartment, an application has restricted access to resources (processes, binaries, data files, and communication channels used) outside its compartment. This restriction is enforced by the HP-UX kernel and cannot be overridden unless specifically configured to do so. If the application is compromised, it will not be able to damage other parts of the system because it is isolated by the compartment configuration.
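The contrast the guide draws between the superuser check and kernel-enforced compartment isolation, as a simplified model added here; this is not code from the HP-UX guide or from HP-UX itself. It is a toy reference monitor in which the process's effective UID decides the traditional DAC check, while a separate compartment rule table decides whether the process may reach resources outside its own compartment, and both must agree. The compartment names (web, db, admin), the rule format, and the sample files and processes are all constructed for this illustration; the real HP-UX compartment rule language is not modelled.

```python
"""Toy reference monitor: traditional UID-based DAC versus compartment rules.

Constructed illustration only. Compartment names, the rule table format and
the sample resources/processes below are assumptions, not HP-UX definitions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    path: str
    owner_uid: int
    mode: int           # traditional UNIX permission bits (owner/group/other)
    compartment: str    # compartment the resource is assigned to


@dataclass(frozen=True)
class Process:
    pid: int
    euid: int           # effective UID; 0 is the superuser
    compartment: str    # compartment the process was started in


# Constructed rule table: for each compartment, which compartments' resources
# it may read or write. By default a compartment only reaches itself; the
# "admin" compartment is the one place explicitly configured to cross over.
RULES = {
    "web":   {"read": {"web"},               "write": {"web"}},
    "db":    {"read": {"db"},                "write": {"db"}},
    "admin": {"read": {"web", "db", "admin"}, "write": {"web", "db", "admin"}},
}


def traditional_allows(proc: Process, res: Resource, op: str) -> bool:
    """Classic UNIX decision: effective UID 0 bypasses every DAC check.

    Group membership is ignored to keep the model small; only the owner and
    'other' permission bits are consulted.
    """
    if proc.euid == 0:
        return True
    if proc.euid == res.owner_uid:
        bit = 0o400 if op == "read" else 0o200
    else:
        bit = 0o004 if op == "read" else 0o002
    return bool(res.mode & bit)


def compartment_allows(proc: Process, res: Resource, op: str) -> bool:
    """Compartment decision: the rule table is consulted regardless of euid.

    A process in a compartment with no rules (or an unknown compartment)
    reaches nothing, mirroring a default-deny containment policy.
    """
    allowed = RULES.get(proc.compartment, {}).get(op, set())
    return res.compartment in allowed


def access(proc: Process, res: Resource, op: str) -> bool:
    """Combined check: DAC and the compartment rules must both permit it."""
    return traditional_allows(proc, res, op) and compartment_allows(proc, res, op)


# Constructed sample objects: a web server that has been compromised and now
# runs as root, a database server, and an administrator in the admin compartment.
WEB_FILE = Resource("/var/www/index.html", owner_uid=200, mode=0o644, compartment="web")
DB_FILE = Resource("/var/db/customers.dat", owner_uid=300, mode=0o600, compartment="db")
COMPROMISED_WEB = Process(pid=4242, euid=0, compartment="web")
DB_SERVER = Process(pid=4343, euid=300, compartment="db")
ADMIN = Process(pid=100, euid=0, compartment="admin")


def demo() -> dict:
    """Return the decisions for the sample scenario, keyed by a short label."""
    return {
        # root inside the web compartment: DAC says yes, compartment says no
        "root_web_reads_db_traditional": traditional_allows(COMPROMISED_WEB, DB_FILE, "read"),
        "root_web_reads_db_contained": access(COMPROMISED_WEB, DB_FILE, "read"),
        # the database server keeps full use of its own data
        "db_writes_own_file": access(DB_SERVER, DB_FILE, "write"),
        # world-readable web content is still off limits from the db compartment
        "db_reads_web_file": access(DB_SERVER, WEB_FILE, "read"),
        # the explicitly configured admin compartment may cross over
        "admin_writes_db": access(ADMIN, DB_FILE, "write"),
    }


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:32s} {'ALLOW' if decision else 'DENY'}")
```

The point of the model is the first two lines of the output: the traditional check grants the compromised, root-running web process everything, while the combined check refuses it the database file because no rule for the web compartment names db. Only the admin compartment, which was deliberately configured to cross compartments, gets through.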
Fine-Grained Privileges
Traditional UNIX privileges grant "all or nothing" administrative privileges based on the effective UID of the process that is running. If the process is running with the effective UID=0, it is granted all privileges. With fine-grained
[6] These security technologies are also available in HP-UX 11i version 2. For more information on Standard Mode vs. Trusted Mode, see "Protecting Against Unauthorized Access to Your Servers and Data" (page 128).
86 Major Components of HP-UX