Installing and Managing HP-UX Virtual Partitions (includes A.03.03)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Integrity Virtual Machines Host Per Core License LTU

211

212

213

214

215

216

217

218

219

220

Primary-Admin vPars Security (vPars A.03.03)

Synopsis

Chapter 8

218

Synopsis

The Primary-Admin vPars Security (PAVS) feature restricts the usage of certain vPars commands such

that only those commands can only be successfully executed from specific virtual partitions. The vPars

commands that are restricted are those that can alter other virtual partitions, such as vparmodify or

vparreset. The specific virtual partitions that are allowed successful execution are known as primary-admin

virtual partitions and are specified by those superusers with the vPars security password. Virtual

partitions not allowed successful execution of the vPars commands that can alter other virtual partitions are

known as secondary-admin virtual partitions. The security feature can be set to either ON or OFF, but only

from the vPars Monitor prompt (MON>).

Terms and Definitions

target partition

This is the virtual partition that is affected when a vPars command is executed. For

example, in the command:

# vparmodify -p winona2 -a cpu::1 ...

an attempt is made to add a CPU to winona2, so winona2 is the target virtual partition.

Usually, the parameter of the -p option is the target partition

local virtual partition

This is the virtual partition from which a vPars command is executed. For example, in the

command:

winona1# vparmodify -p winona2 -a cpu::1

assuming the HP-UX shell prompt contains the hostname, the vparmodify command is

executed from winona1, so winona1 is the local virtual partition. winona2 is the target

partition.

primary-admin virtual partition

This is a virtual partition that is allowed to perform vPars commands that affect other

virtual partitions. For example, assume the security feature is ON and the following

command is executed:

winona1# vparmodify -p winona2 -a cpu::1

Because this command affects another virtual partition (winona2), the local virtual

partition winona1 must be a primary-admin virtual partition in order for this command to

be successful.

secondary-admin virtual partition

This is a virtual partition that is not allowed to perform vPars commands that affect other

virtual partitions. For example, assume the security feature is ON and the following

command is executed:

winona1# vparmodify -p winona2 -a cpu::1