Installing and Managing HP-UX Virtual Partitions (includes A.03.03)
Primary-Admin vPars Security (vPars A.03.03)
vPars Commands
Chapter 8
223
vPars Commands
When the security mode is ON, the vPars security feature restricts the vPars commands such that you can
alter another virtual partition only if you execute the command from a partition that is in the primary-admin
virtual partition list. When you execute the command from a secondary-admin virtual partition, if the
command alters another virtual partition, it will not be allowed. This is true even if the vPars commands are
applied to an alternate database.
NOTE: if you use a command that alters a virtual partition but you execute it from the partition itself (in
other words, the target partition equals the local virtual partition), this is allowed. For example,
winona2# vparmodify -p winona2 -a cpu::1
Because you are not modifying another virtual partition, this will be allowed even if winona2 is not a
primary-admin virtual partition.
The table below shows the results of this.
The remaining vPars commands, such as vparstatus, are allowed by all virtual partitions regardless of the
security mode because they do not alter other virtual partitions.
NOTE vparcreate
While security is on, when you create a virtual partition, the target partition will be a
secondary-admin virtual partition. You cannot vparcreate a virtual partition as a
primary-admin virtual partition. After the vparcreate command, to change the
secondary-admin virtual partition to a primary-admin virtual partition, you will need to add
the partition to the primary-admin virtual partition list using the vparadmin -a command.
vparstatus
vparstatus does not show whether a virtual partition is in the primary-admin virtual
partition list; you need to use vparadmin -l.
Table 8-1 Security Impact on vPars Commands
vPars
command
Executed from a
primary-admin
virtual partition
Executed from a secondary-admin virtual partition
vparboot allowed not allowed
vparcreate allowed not allowed
vparremove allowed not allowed
vparmodify allowed not allowed unless target partition is the local virtual partition
vparreset allowed not allowed unless target partition is the local virtual partition