HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

2 Setting Up an SRP
This chapter describes how to use srp_sys -setup to set up the SRP environment. This chapter addresses the
following topics:
2.1 The srp_sys Utility
2.2 Using srp_sys -setup to Set or Modify System Properties
2.3 Example: srp_sys -setup
2.4 Using srp_sys -list to Display System Properties
2.5 Example: srp_sys -list
2.1 The srp_sys Utility
The /opt/hpsrp/bin/srp_sys utility is used to set and view system-wide configuration properties
that affect SRP. You must run srp_sys -setup before using the srp utility to add SRPs to
the system.
The srp_sys utility has the following syntax:
    srp_sys -setup
    srp_sys -list [-v[erbose]]
    srp_sys -help
where:
    -setup      configures and enables system-wide configuration properties used by SRP
    -list       lists the configuration status of system-wide configuration properties used by SRP
    -help       displays usage information for srp_sys
    -verbose    displays detailed information for the list operation
2.2 Using srp_sys -setup to Set or Modify System Properties
The srp_sys -setup command ensures that the system is in an appropriate state for successful
configuration of SRP compartments. The srp_sys utility checks the status of the subsystems that can
be configured by SRP. If a subsystem is not enabled, srp_sys asks whether you want to enable the
service. It also prompts for subsystem startup data, such as configuration directories and autostart
parameters. Once executed, srp_sys -setup modifies the SRP default template with this subsystem
startup data. srp_sys -setup also prompts you for the SRP services you want to enable. The
services you enable also become the default services for the templates (SRP will not apply a service if
the service is not valid for a given template).
HP requires that you run srp_sys -setup after you install SRP, but you can run it again at any time
to change the default parameters for SRP.
You can use srp_sys -setup to enable the following features:
• Security Containment compartments (required for the SRP product). When the Security
  Containment compartments feature is initially enabled, it creates the INIT and ifaces
  compartments. For more information about the INIT and ifaces compartments, see 1.3.2
  Coexistence with the INIT Compartment.
• Compartment Login. Enabling this feature configures the system to control user-based
  authentication (including login) on a per-SRP basis by enabling the CMPT_LOGIN flag in
  /etc/cmpt/cmpt.conf and verifying that /etc/pam.conf includes the required pam_hpsec
  module.
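The following script is an added example, not part of the HP guide: it audits the two files that the Compartment Login feature touches, so an administrator can confirm the result of srp_sys -setup. The file syntax it parses (comment character, a line beginning with CMPT_LOGIN, four-column pam.conf lines), the expectation that every auth and account stack references pam_hpsec, and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example, not from the guide. Assumed syntax: '#' starts a comment in
# both files; cmpt.conf holds the flag on a line starting with CMPT_LOGIN;
# pam.conf lines are "service module_type control_flag module_path [options]".

# Print the active (uncommented) CMPT_LOGIN line; exit status 1 if there is none.
cmpt_login_line() {
    sed -e 's/#.*//' "$1" | grep -E '^[[:space:]]*CMPT_LOGIN([[:space:]=]|$)'
}

# Print every "service type" auth/account stack that never references pam_hpsec.
pam_missing_hpsec() {
    sed -e 's/#.*//' "$1" | awk '
        $2 == "auth" || $2 == "account" {
            key = $1 " " $2
            if (!(key in seen)) { seen[key] = 0; order[++n] = key }
            if ($4 ~ /pam_hpsec/) seen[key] = 1
        }
        END { for (i = 1; i <= n; i++) if (!seen[order[i]]) print order[i] }'
}

# Audit both files; returns 0 only when both checks pass.
audit_compartment_login() {
    cmpt_conf=${1:-/etc/cmpt/cmpt.conf}; pam_conf=${2:-/etc/pam.conf}; rc=0
    if line=$(cmpt_login_line "$cmpt_conf"); then
        echo "OK   $cmpt_conf: $line"
    else
        echo "FAIL $cmpt_conf: no active CMPT_LOGIN entry"; rc=1
    fi
    missing=$(pam_missing_hpsec "$pam_conf")
    if [ -z "$missing" ]; then
        echo "OK   $pam_conf: every auth/account stack references pam_hpsec"
    else
        echo "FAIL $pam_conf: stacks without pam_hpsec:"; echo "$missing"; rc=1
    fi
    return $rc
}

# Constructed sample files (not real system output) that exercise the audit.
demo() {
    d=${TMPDIR:-/tmp}/srp_audit_demo.$$; mkdir "$d" || return 2
    printf '%s\n' '# constructed' 'CMPT_LOGIN=1' > "$d/cmpt.conf"
    printf '%s\n' 'login auth required libpam_hpsec.so.1' \
        'login auth required libpam_unix.so.1' \
        'sshd  auth required libpam_unix.so.1' > "$d/pam.conf"
    audit_compartment_login "$d/cmpt.conf" "$d/pam.conf"; rc=$?
    rm -rf "$d"; return $rc
}
```

Call audit_compartment_login with no arguments to check /etc/cmpt/cmpt.conf and /etc/pam.conf, or call demo to run it against the constructed samples, where the sshd auth stack is reported as lacking pam_hpsec.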