HP-UX Virtual Partitions Administrator Guide (includes A.05.08) (5900-1312, March 2011)

Location of Log Files
On an nPartition not running vPars, the MCA logs are gathered from the firmware during OS
reboot and saved in the /var/tombstones directory. Typically, multiple files are created of the form
mca*.
When running vPars, logs from a local MCA are saved in the virtual partition that experienced
the MCA. Similar to the non-vPars configuration, these files are in the /var/tombstones directory
of the virtual partition. Logs from a global MCA are saved in the /var/tombstones directory of
only one particular virtual partition. The virtual partition that is used is the virtual partition that was
booted from the same disk that was used to boot the vPars Monitor; this disk must be the primary
boot disk specified in the EFI Boot Manager after the system reboots in vPars mode following an
MCA.
NOTE: For information on logging of the command execution of vpar* commands, see
“Commands: vPars Commands Logging” (page 138). Note that vpar* commands can be executed
from a root window; they do not require a console window, although at times, such as during the
installation of a new virtual partition, a console window may be desired. For information on the
differences between console and root windows, see the HP-UX System Administrator’s Guide
available on the BSC website at www.hp.com/go/hpux-core-docs.
Security
You should be aware of the following security issues and solutions:
The vPars commands (as described in “vPars Monitor and Shell Commands” (page 123)) are
restricted to root access, but the commands work on any of the virtual partitions, regardless
of which partition the commands are executed from. Therefore, a user with the appropriate
privileges on one partition can affect another virtual partition by targeting the virtual partition
in a vPars command. For example, a root user running on the partition vpar2 can reset the
partition vpar3 using the vparreset command.
To minimize such interactions, use the vPars Flexible Administrative Capability. With this
feature, you can assign vPars administration capabilities to designated virtual partitions. Only
superusers within the designated virtual partitions can affect other virtual partitions; a superuser
within a non-designated virtual partition can perform only operations that affect itself. For
more information, see Chapter 11: “vPars Flexible Administrative Capability” (page 267).
A user with access to the console can gain access to the file systems on any of the virtual
partitions in the hard partition. To prevent this, control access to the physical console or GSP.
NOTE: A white paper, Securing Virtual Partitions with HP-UX Role-Based Access Control, on using
RBAC (Role-Based Access Control) with vPars A.04.xx and A.05.xx is available on the BSC website
at www.hp.com/go/hpux-vpars-docs.
EFI and Integrity Notes
EFI Shell Accessibility
After the vPars Monitor (/stand/vpmon) is booted, the EFI shell will not be accessible. This
includes using hpux.efi and other EFI commands.
If you need to perform any EFI functions, you will need to shut down all the virtual partitions
and reboot the nPartition to access the EFI shell.
New vPars Commands
The vPars commands introduced in vPars A.04.01 for use on only Integrity systems are
vparenv, vparconfig, and vparefiutil: