Manualshelf

HP-UX System Administrator's Guide: Overview

ManualsBrandsHP ManualsSoftwareHP-UX System Administration
81828384858687888990
privileges, processes are granted only the privileges
needed for the task and, optionally, only for the
time needed to complete the task. Applications
that are privilege-aware can elevate their
privilege to the required level for the operation
and lower it after the operation completes.
Role-Based Access Control Typically, UNIX system administration
commands must be run by a superuser (root
user). Similar to kernel level system call access,
access is usually “all or nothing” based on the
user's effective UID.
HP-UX Role-Based Access Control (HP-UX RBAC)
enables you to group common or related tasks
into a role. For example, a common role might
be User and Group Administration. Once the
role is created, you assign to specific users a role
or set of roles that enables them to run the
commands defined by those roles.
When you implement HP-UX RBAC, you enable
non-root users to perform tasks previously
requiring superuser privileges without granting
those users complete superuser privileges.
Auditing The HP-UX auditing system records
security-related events for later analysis.
Administrators use auditing to detect and
analyze security breaches. Auditing is available
on both Standard Mode and Trusted Mode
HP-UX systems.
User Database Previously, all Standard Mode HP-UX security
attributes and password policy restrictions were
set on a system-wide basis. The introduction of
the user database enables you to set security
attributes on a per-user basis that overrides
system defaults.
Further Information
For more information on the enhanced security containment features introduced above,
see the following resources:
HP-UX System Administrator’s Guide: Security Management
HP-UX 11i Security Containment Administrator's Guide
The privileges(5) manpage
Security and Access Control 87