HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide
25
4 Getting Started with SRP
This chapter shows the commands used to manage the lifecycle of a sample SRP compartment. This
chapter addresses the following topics:
• 4.1Sample SRP Lifecycle
• Step 1: Setting Up SRP
• Step 2: Displaying Input Parameters for the base Template
• Step 3: Creating a Base SRP Compartment
• Step 4: Listing the Configuration Data
• Step 5: Adding the sshd Template
• Step 6: Listing the Configuration Data for the sshd Template
• Step 7: Starting the SRP Compartment
• Step 8: Getting SRP status information
• Step 9: Replacing SRP Configuration Data
• Step 10: Stopping the SRP Compartment
• Step 11: Deleting the SRP Compartment
4.1Sample SRP Lifecycle
The following user session shows the SRP commands used to set up the SRP environment and then
create, administer, and delete an example SRP compartment. Each command is numbered and
described in the sections that follow.
# srp_setup #1 Set up SRP
# srp -help -template base #2 Show input parameters for the
base template
# srp -add mySRP #3 Create a base SRP compartment
# srp -list mySRP -v #4 List the configuration data
# srp -add mySRP -t sshd #5 Add the sshd template
# srp -list mySRP -v -t sshd #6 List the configuration data for
sshd
# srp -start mySRP #7 Start the SRP compartment
# srp –status mySRP #8 Get status of the SRP
# srp -replace mySRP -s prm #9 Replace the PRM configuration
values
# srp -stop mySRP #10 Stop the SRP compartment
# srp -delete mySRP -batch #11 Delete the SRP compartment
4.1.2 Run Environment for the SRP Session
By default, you must have superuser capability to run the srp utility. In addition, you must have the
authorization to modify the system and subsystem configuration files managed by srp. You must run
the srp utility from the INIT compartment. The INIT compartment is a permanent, default
compartment defined by the Security Containment product. (If the Security Containment product is not
already enabled, the srp_setup script enables it, which creates the INIT compartment.) By default,
processes running in the INIT compartment have no compartment based restrictions on accessing
system files.
For more information about using the INIT compartment, see 1.3.2.1 Using the INIT Compartment.
All SRP utilities are located in the directory /opt/hpsrp/bin.