HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

// lock out access to the other compartment's root directory
perm nsearch /var/hpsrp
// open access to compartment root
perm all /var/hpsrp/mySRP
// to DNS
grant bidir udp peer port 53 init
:
:
Step 5: Adding the sshd Template
After you have created a base SRP compartment, you can configure the compartment to host specific
services using the -t template_name option. For example, to configure the compartment to host
an HP-UX sshd daemon, enter the following command:
srp -add compartment_name -t sshd
The srp utility prompts the user with a list of services valid for the template. In this example, the user
specifies the cmpt and provision services and accepts the default values for all variables. The
command output and user input for this example are as follows:
# /opt/hpsrp/bin/srp -a mySRP -t sshd
Enter the requested values when prompted, then press return.
Enter "?" for help at prompt. Press control-c to exit.
Services to add: [cmpt,provision] RETURN
sshd data path: [/var/hpsrp/mySRP/opt/ssh] RETURN
sshd executable path: [/opt/ssh] RETURN
Copy SSH config data from path: [/opt/ssh/newconfig] RETURN
sshd port number: [22] RETURN
Press return or enter "yes" to make the selected modifications with these
values. Do you wish to continue? [yes]
add compartment rules succeeded
add provision service succeeded
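Before and after adding a template, it is worth checking exactly what network access and directory permissions a compartment's rules grant, since each template appends rules to /etc/cmpt/compartment_name.rules. The following script is an added example and is not part of the HP-UX SRP guide or the srp utility; it parses a rules fragment in the style of the mySRP rules above. The rules text is constructed inline: the DNS grant and perm lines mirror the fragment shown earlier, and the "grant server tcp port 22" line is an assumed stand-in for the sshd port rule the template is expected to add.

```shell
#!/bin/sh
# Added example (not from the SRP guide): audit a compartment rules file
# for network grants. Run against a real file with:
#   grant_ports "$(cat /etc/cmpt/mySRP.rules)"

# Constructed sample in the style of /etc/cmpt/mySRP.rules. The port 22
# line is an assumption about what the sshd template adds.
SAMPLE_RULES='// lock out access to other compartment root directories
perm nsearch /var/hpsrp
// open access to compartment root
perm all /var/hpsrp/mySRP
// to DNS
grant bidir udp peer port 53 init
// constructed: sshd listener the template is expected to grant
grant server tcp port 22'

# Print every grant rule, with // comment lines dropped.
list_grants() {
  printf '%s\n' "$1" | grep -v '^//' | grep '^grant'
}

# Print the port numbers named in grant rules, space separated, in file order.
grant_ports() {
  printf '%s\n' "$1" | awk '
    /^grant/ { for (i = 1; i < NF; i++)
                 if ($i == "port") printf "%s%s", (n++ ? " " : ""), $(i+1) }
    END { print "" }'
}

# Exit 0 if some grant rule names the given port, 1 otherwise.
port_granted() {
  printf '%s\n' "$1" | awk -v p="$2" '
    /^grant/ { for (i = 1; i < NF; i++)
                 if ($i == "port" && $(i+1) == p) found = 1 }
    END { exit found ? 0 : 1 }'
}

# Exit 0 if the rules lock other compartment roots out (perm nsearch on
# the shared parent directory), 1 otherwise.
parent_locked() {
  printf '%s\n' "$1" | grep -q '^perm nsearch /var/hpsrp$'
}

list_grants "$SAMPLE_RULES"
echo "granted ports: $(grant_ports "$SAMPLE_RULES")"
if port_granted "$SAMPLE_RULES" 22; then echo "sshd port 22 is granted"; fi
if parent_locked "$SAMPLE_RULES"; then echo "/var/hpsrp is nsearch only"; fi
```

After `srp -a mySRP -t sshd`, a practitioner would expect `grant_ports` on the real rules file to list the sshd port entered at the prompt (22 by default) in addition to the DNS grant; any other port in the output came from a template or manual edit and should be accounted for.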
Step 6: Listing the Configuration Data for the sshd Template
To list the data configured for the sshd template, enter the following command:
srp -list compartment_name -v -t sshd
The srp utility lists the compartment rules and services added for the sshd template. To view all the
configuration data for the compartment, omit the -t sshd argument.
The output for this example is as follows:
# /opt/hpsrp/bin/srp -l mySRP -v -t sshd
Compartment: mySRP Template: sshd Service: cmpt
----------------------------------------------------------------------
Compartment Configuration (/etc/cmpt/mySRP.rules):
@tag-start compartment="mySRP" template="sshd" service="cmpt" id="1" ;