HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

IMPORTANT: By default, once compartment login is enabled, only the root user (user
name of "root") is allowed to log in to the INIT compartment. To allow additional users to
log in to the INIT compartment, assign each of them the RBAC role SRPlogin-init.
To enable additional users for INIT compartment login:
>roleadm assign <user_name> SRPlogin-init
To enable additional groups for INIT compartment login:
>roleadm assign "&<group_name>" SRPlogin-init
Strong ES Model (required for the SRP product when using networking). Enables symmetric
routing on the system, which causes connection-based protocols such as TCP to use the same
interface for both inbound and outbound traffic. Note that enabling the strong ES model makes
the system unable to function as an IP router. For more information about the strong ES model,
see 1.3.4 IP Routers and Strong End System (ES) Model.
Limited Scope Secure Shell Daemon. Can be used to prevent the secure shell daemon
in the INIT compartment from listening on SRP-specific IP addresses. You can specify the IP
addresses to be used, with the default being the system default IP address. (For more
information about address collisions, see 1.3.2.2 Address Collisions with INADDR_ANY and
IN6ADDR_ANY Sockets in the INIT Compartment.)
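A check for the limited-scope setting described above, as an added example that is not part of the HP guide: it reads an sshd_config and fails if the daemon would bind the wildcard address or any address you list as SRP-specific. It assumes the listen scope is expressed with OpenSSH ListenAddress lines; the function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the SRP guide). Assumption: the INIT compartment
# sshd takes its listen scope from OpenSSH ListenAddress lines.

# listen_addrs: read an sshd_config on stdin, print each bind address.
# No ListenAddress at all means OpenSSH binds every local address: "ANY".
listen_addrs() {
    awk '
        tolower($1) == "listenaddress" {
            a = $2
            if (a ~ /^\[/) {                      # [addr] or [addr]:port
                sub(/^\[/, "", a); sub(/\](:[0-9]+)?$/, "", a)
            } else if (a ~ /^[^:]*:[0-9]+$/) {    # host:port or IPv4:port
                sub(/:[0-9]+$/, "", a)
            }
            if (a == "0.0.0.0" || a == "::") a = "ANY"
            print a; n++
        }
        END { if (n == 0) print "ANY" }'
}

# check_scope SRP_ADDR...: config on stdin. Returns 0 when sshd binds neither
# the wildcard nor any listed SRP address, 1 otherwise; findings on stdout.
check_scope() {
    rc=0
    for a in $(listen_addrs); do
        if [ "$a" = "ANY" ]; then
            echo "FAIL wildcard bind (INADDR_ANY/IN6ADDR_ANY)"; rc=1; continue
        fi
        for s in "$@"; do
            if [ "$a" = "$s" ]; then echo "FAIL $a is an SRP address"; rc=1; fi
        done
    done
    if [ "$rc" -eq 0 ]; then echo "OK sshd scope is limited"; fi
    return "$rc"
}

# Constructed sample: 192.0.2.10 plays the system default address,
# 192.0.2.21 and 192.0.2.22 play SRP compartment addresses.
sample_config() {
    printf '%s\n' '# constructed sample' 'Port 22' \
        'ListenAddress 192.0.2.10' 'listenaddress 192.0.2.21:22'
}

sample_config | check_scope 192.0.2.21 192.0.2.22 || true
```

To audit a real system, feed the daemon's configuration file on stdin and pass the compartment addresses as arguments.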
2.3 Example: srp_sys -setup
In this example, the user presses RETURN and accepts the default values for each prompt.
# /opt/hpsrp/bin/srp_sys -setup
##############################
#
# Setup SRP default template
#
##############################
Loading SRP default template ... [ OK ]
The default services do not include IPFilter or IPSec. You can add them to the set of default services in
the following dialog.
Enable SRP configuration for the following services:
admin (compartment administrator) [y] RETURN
init (compartment startup and shutdown scripts) [y] RETURN
login (compartment login via pam_security) [y] RETURN
network (IP address and network interface management [y] RETURN
prm (Process Resource Management) [y] RETURN
ipfilter (ipfilter host firewall rules) [n] RETURN
ipsec (ipsec secure transport rules) [n] RETURN
provision (run customizable provision script) [y] RETURN
Selected SRP service(s) are: cmpt,admin,init,login,network,prm,provision
Would you like to save the changes? [y] RETURN
Saving SRP default template ... [ OK ]
##############################