HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

3 Executing the su Command in the Target SRP
The srp_su command executes the su(1) command in the specified SRP. You must execute the
srp_su command from within the INIT compartment. System administrators can use this command
to log in to an SRP or to execute a command within it.
This chapter addresses the following topics:
3.1 Using the srp_su Command
3.2 Allowing Additional Users to Use the srp_su Command
3.3 Example: Using the srp_su Command to Login to the Target SRP
3.1 Using the srp_su Command
The srp_su command has the following syntax:
srp_su srp_name [su_arguments]
Where:
srp_name: Name of the target SRP compartment.
su_arguments: Arguments to be passed to the su(1) command in the target SRP.
Any su arguments may be used.
Only users with the hpux.security.srp_su authorization are allowed to use the srp_su
command. By default, only the root user has this authorization for all SRPs on the system.
3.2 Allowing Additional Users to Use the srp_su Command
To allow additional users to use the srp_su command, you must create new RBAC roles and assign
the additional users to those roles, as follows:
1. Create one new hpux.security.srp_su authorization per system:
# authadm add hpux.security.srp_su
2. Create a new role per SRP:
# roleadm add newRole
3. Assign the hpux.security.srp_su authorization to one role per SRP:
# authadm assign newRole hpux.security.srp_su "srp_name"
4. Assign a role to each user:
# roleadm assign user_name newRole
NOTE: Repeat step 4 for each additional user.
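The four steps above combined into one script, as an added example that is not part of the HP guide. The role name srp_su_<srp_name>, the DRY_RUN and SKIP_AUTH_ADD variables, and the name check are assumptions of this example; by default it only prints the commands so the grant can be reviewed before it is applied with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: delegate srp_su for ONE SRP to named users (steps 1-4).
# Assumptions of this example: role name "srp_su_<srp_name>", the DRY_RUN
# and SKIP_AUTH_ADD variables, and the conservative name check below.
AUTH=hpux.security.srp_su

# Reject empty names, option-like names and shell metacharacters.
valid_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command unless DRY_RUN=0, in which case execute it.
run() {
    if [ "${DRY_RUN:-1}" = "0" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Usage: delegate_srp_su srp_name user_name...
delegate_srp_su() {
    srp=$1
    valid_name "$srp" || { echo "invalid SRP name" >&2; return 2; }
    shift
    [ $# -gt 0 ] || { echo "no users given" >&2; return 2; }
    for u in "$@"; do
        valid_name "$u" || { echo "invalid user name: $u" >&2; return 2; }
    done
    role="srp_su_$srp"   # one role per SRP keeps each grant scoped to it
    # Step 1 is once per system; set SKIP_AUTH_ADD=1 for later SRPs.
    [ "${SKIP_AUTH_ADD:-0}" = "1" ] || run authadm add "$AUTH" || return 1
    run roleadm add "$role" || return 1                     # step 2
    run authadm assign "$role" "$AUTH" "$srp" || return 1   # step 3
    for u in "$@"; do
        run roleadm assign "$u" "$role" || return 1         # step 4
    done
}

# Run only when called with arguments, e.g.: sh delegate.sh mySRP alice bob
if [ $# -gt 0 ]; then delegate_srp_su "$@"; fi
```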
3.3 Example: Using the srp_su Command to Login to the Target SRP
In this example, the root user establishes a session as root in the target SRP. The root user logs in
to the mySRP SRP from the INIT compartment:
# /opt/hpsrp/bin/srp_su mySRP