HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

4 Getting Started with SRP
This chapter shows the commands used to manage the lifecycle of a sample SRP compartment. This
chapter addresses the following topics:
4.1 Sample SRP Lifecycle
Step 1: Setting Up SRP
Step 2: Displaying Input Parameters for the base Template
Step 3: Creating a Base SRP Compartment
Step 4: Listing the Configuration Data
Step 5: Adding the sshd Template
Step 6: Listing the Configuration Data for the sshd Template
Step 7: Starting the SRP Compartment
Step 8: Getting SRP status information
Step 9: Replacing SRP Configuration Data
Step 10: Stopping the SRP Compartment
Step 11: Deleting the SRP Compartment
4.1 Sample SRP Lifecycle
The following user session shows the SRP commands used to set up the SRP environment and then
create, administer, and delete an example SRP compartment. Each command is numbered and
described in the sections that follow.
# srp_setup                        #1  Set up SRP
# srp -help -template base         #2  Show input parameters for the base template
# srp -add mySRP                   #3  Create a base SRP compartment
# srp -list mySRP -v               #4  List the configuration data
# srp -add mySRP -t sshd           #5  Add the sshd template
# srp -list mySRP -v -t sshd       #6  List the configuration data for sshd
# srp -start mySRP                 #7  Start the SRP compartment
# srp status mySRP                 #8  Get status of the SRP
# srp -replace mySRP -s prm        #9  Replace the PRM configuration values
# srp -stop mySRP                  #10 Stop the SRP compartment
# srp -delete mySRP -batch         #11 Delete the SRP compartment
4.1.2 Run Environment for the SRP Session
By default, you must have superuser capability to run the srp utility. In addition, you must have the
authorization to modify the system and subsystem configuration files managed by srp. You must run
the srp utility from the INIT compartment. The INIT compartment is a permanent, default
compartment defined by the Security Containment product. (If the Security Containment product is not
already enabled, the srp_setup script enables it, which creates the INIT compartment.) By default,
processes running in the INIT compartment have no compartment-based restrictions on accessing
system files.
For more information about using the INIT compartment, see 1.3.2.1 Using the INIT Compartment.
All SRP utilities are located in the directory /opt/hpsrp/bin.