HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide
6 Using the base Template
The base template manages SRP compartment data that is not application-specific. This chapter
describes how to use the base template to create a base SRP compartment. You can also use the
base template to add additional base services to a compartment or to delete or modify the base
services for a compartment.
This chapter addresses the following topics:
• 6.1 Creating a Base SRP Compartment
• 6.2 Replacing or Deleting Base SRP Data
6.1 Creating a Base SRP Compartment
You can use the base template to create a base compartment, which consists of a Security Containment
compartment and other configuration data. After you create a base SRP compartment, you can use an
application template to add application-specific configuration data to the SRP compartment, such as
compartment file access rules for application-specific directories and IPFilter rules for application-
specific port numbers.
To create a base SRP compartment, enter the following srp -add command. Specifying the base
template (-t base) is optional; the base template is the default template for the add operation.
The srp -add command has the following syntax:
srp -a[dd] compartment_name [-t base] [-s service[,service]...]
Where:
compartment_name
Specifies the name of the SRP compartment to create.
service
Specifies the name of the service to configure. If you do not specify the -s
option, srp prompts you for a list of services to configure with a list of
default services. The factory-configured default services are as follows
(listed in the order that srp prompts for input):
• cmpt - see The cmpt Service
• admin - see The admin Service
• prm - see The prm Service
• network - see The network Service
• init - see The init Service
You can modify the set of default services using the srp_setup utility as
described in 2 Setting Up an SRP.
The following services are also valid with the base template:
• login - see The login Service
• ipfilter - see The ipfilter Service
• ipsec - see The ipsec Service
The input data for these services and the data configured are described in
the sections that follow. If SRP uses input data for multiple services, the
srp utility prompts you for the data once and reuses the value.
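
The login, ipfilter and ipsec services are valid with the base template but are not in the factory-configured default set, so a provisioning script has to name them with -s. The following POSIX shell helper is an added example, not part of the original guide or of SRP: it checks a requested service list against the names listed above and prints the matching srp -add command line. The function name build_srp_add, the compartment name web01 and the compartment-name character check are assumptions.

```shell
#!/bin/sh
# Added example, not HP's code. Service names come from this chapter;
# build_srp_add and the compartment-name check are assumptions.

BASE_SERVICES="cmpt admin prm network init login ipfilter ipsec"

# build_srp_add COMPARTMENT SERVICE[,SERVICE]...
# Prints the srp command line; returns 1 with a message on stderr if
# the input does not fit the syntax shown above.
build_srp_add() {
    name=$1
    services=$2

    # Assumption: allow only letters, digits and underscore, so the printed
    # line is safe to log or paste. SRP's naming rules are not on this page.
    case $name in
        ''|*[!A-Za-z0-9_]*)
            echo "invalid compartment name: $name" >&2
            return 1 ;;
    esac

    seen=" "
    rest="$services,"
    while [ -n "$rest" ]; do
        svc=${rest%%,*}      # next comma-separated entry
        rest=${rest#*,}      # remainder of the list
        case $svc in
            ''|*[!a-z]*)
                echo "malformed service entry: '$svc'" >&2
                return 1 ;;
        esac
        case " $BASE_SERVICES " in
            *" $svc "*) ;;
            *)  echo "not a base template service: $svc" >&2
                return 1 ;;
        esac
        case $seen in
            *" $svc "*)
                echo "service listed twice: $svc" >&2
                return 1 ;;
        esac
        seen="$seen$svc "
    done

    printf 'srp -add %s -t base -s %s\n' "$name" "$services"
}

# Constructed input: compartment "web01" with two non-default services.
build_srp_add web01 cmpt,admin,network,ipfilter,ipsec
```

The helper only prints the command line; srp still prompts for the input data of each service named.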