HP-UX Virtual Partitions Administrator's Guide (includes A.05.02)

Chapter 2: How vPars and its Components Work

Security
You should be aware of the following security issues and solutions:
• The vPars commands (as described in “Monitor and Shell Commands” on page 119) are restricted to root access, but they work on any of the virtual partitions, regardless of which partition they are executed from. Therefore, a user with the appropriate privileges on one partition can affect another virtual partition by targeting it in a vPars command. For example, a root user running on the partition vpar2 can reset the partition vpar3 using the vparreset command.

  To minimize such interactions, use the vPars Flexible Administrative Capability. With this feature, you can assign vPars administration capabilities to designated virtual partitions. Only superusers within the designated virtual partitions can affect other virtual partitions; a superuser within a non-designated virtual partition can perform only operations that affect that partition itself. For more information, see Chapter 11, “vPars Flexible Administrative Capability (vPars A.03.03, A.03.04, vPars A.04.02, A.04.03, A.05.01),” on page 329.

• A user with access to the console can gain access to the file systems on any of the virtual partitions in the hard partition. To prevent this, control access to the physical console or GSP.

NOTE: A white paper on using RBAC (Role-based Access Control) with vPars A.04.xx and A.05.xx is available at http://docs.hp.com.