HP-UX Virtual Partitions Administrator Guide (includes A.05.07) (5900-1229, September 2010)

only one particular virtual partition. The virtual partition that is used is the virtual partition that
was booted from the same disk that was used to boot the vPars Monitor; this disk must be the primary
boot disk specified in the EFI Boot Manager after the system reboots in vPars mode following
an MCA.
NOTE: For information on logging of the command execution of vpar* commands, see
“Commands: vPars Commands Logging” (page 139). Note that vpar* commands can be executed
from a root window; they do not require a console window, although at times, such as during
the installation of a new virtual partition, a console window may be desired. For information on
the differences between console and root windows, see the HP-UX System Administrator’s Guide
available at http://docs.hp.com.
Security
You should be aware of the following security issues and solutions:
• The vPars commands (as described in “vPars Monitor and Shell Commands” (page 125)) are
  restricted to root access, but the commands work on any of the virtual partitions, regardless
  of which partition the commands are executed from. Therefore, a user with the appropriate
  privileges on one partition can affect another virtual partition by targeting the virtual partition
  in a vPars command. For example, a root user running on the partition vpar2 can reset the
  partition vpar3 using the vparreset command.

  To minimize such interactions, use the vPars Flexible Administrative Capability. With this
  feature, you can assign vPars administration capabilities to designated virtual partitions.
  Only superusers within the designated virtual partitions can affect other virtual partitions;
  a superuser within a non-designated virtual partition can perform only operations that affect
  itself. For more information, see Chapter 11: “vPars Flexible Administrative Capability”
  (page 295).

• A user with access to the console can gain access to the file systems on any of the virtual
  partitions in the hard partition. To prevent this, control access to the physical console or
  GSP.
NOTE: A white paper on using RBAC (Role-based Access Control) with vPars A.04.xx and
A.05.xx is available at:
http://docs.hp.com/en/vse.html#Virtual%20Partitions