Create a single compartment configuration file for each software component.

With one file per component, you can remove that component's compartment configuration along with the software, and every rule that applies to the component is in one place.

Some software products are shipped with compartment rules already configured. Avoid modifying these rules.

Before you make modifications to shipped compartment configurations, be sure you understand the existing configuration. Read the documentation for the software product and examine the existing configuration carefully.

CAUTION: Do not redefine the existing INIT compartment. If you attempt to change or redefine the INIT compartment, all automatically generated definitions will be destroyed and compartments will not function properly.

Activating Compartments

To activate compartment rules on your system, follow these steps:

1. Plan your compartment rules. See “Planning the Compartment Structure” for more information.

TIP: HP recommends you plan your compartment rules configuration carefully. After you have edited your configuration and implemented it on a production system, it becomes difficult to change. When you change a compartment configuration, you must make changes to user procedures, scripts, and tools.

2. Create compartment rules. See “Compartment Rules and Syntax” for instructions on completing this step and for a complete description of compartment rules syntax.

3. (Optional) Preview your compartment rules by entering the following command:

# setrules -p

The -p option parses the configured rules list and reports any discrepancies in syntax and semantics without loading the rules. HP recommends that you follow this step before enabling compartment rules on your system.

4. (Optional) Make backup copies of the compartment configuration files. Either put these files outside the /etc/cmpt directory or omit the .rules suffix, so that a backup copy is never parsed as a live rules file. Doing this lets you easily revert to your starting point if an editing problem occurs.

5. Enable the compartments feature by entering the following command:

# cmpt_tune -e

6. Reboot your system. This step is mandatory.

TIP: Keep your backup files; this makes it easier to revert to a prior configuration.
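The following script is an added example, not part of the HP manual, that wraps the activation steps above together with the one-file-per-component layout recommended at the top of this page. It relies only on the /etc/cmpt directory and the setrules -p and cmpt_tune -e commands the page names. The backup directory, the <component>.rules naming convention, and the use of bare setrules to reload edited rules on a running system are assumptions of the example; the paths and command names are variables so the file-handling helpers can be exercised on any POSIX system.

```shell
#!/bin/sh
# Added example for the HP-UX 11i compartment activation procedure.
# Assumptions (not from the manual): backup directory, <component>.rules
# naming, and bare "setrules" as the no-reboot reload of edited rules.

CMPT_DIR=${CMPT_DIR:-/etc/cmpt}
BACKUP_DIR=${BACKUP_DIR:-/var/adm/cmpt.bak}   # assumed; must lie outside /etc/cmpt
SETRULES=${SETRULES:-setrules}
CMPT_TUNE=${CMPT_TUNE:-cmpt_tune}

# One rules file per software component: <dir>/<component>.rules (assumed naming).
rules_file() { printf '%s/%s.rules\n' "$1" "$2"; }

# Step 4: copy every *.rules file out of the rules directory, appending .bak so
# no copy ends in ".rules" and none can be parsed as live configuration even if
# it is later moved back. Prints the number of files copied.
backup_rules() {
    dir=$1 dest=$2 n=0
    mkdir -p "$dest" || return 1
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        cp -p "$f" "$dest/$(basename "$f").bak" || return 1
        n=$((n + 1))
    done
    echo "$n"
}

# A backup that still ends in .rules and still sits in the rules directory is
# live configuration, not a backup. Returns 1 and names offenders if any .rules
# file in <dir> does not belong to one of the listed components.
check_only_expected_rules() {
    dir=$1; shift; rc=0
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .rules); ok=0
        for c in "$@"; do [ "$c" = "$name" ] && ok=1; done
        [ $ok -eq 1 ] || { echo "unexpected rules file: $f" >&2; rc=1; }
    done
    return $rc
}

# Removing a software component: move its rules file out of the rules directory
# (kept as a .bak copy) rather than editing a shared file.
retire_component() {
    dir=$1 dest=$2 comp=$3
    f=$(rules_file "$dir" "$comp")
    [ -f "$f" ] || { echo "no rules file for $comp" >&2; return 1; }
    mkdir -p "$dest" && mv "$f" "$dest/$comp.rules.bak"
}

# Steps 3 to 6 for the named components: preview, back up, enable, then insist
# on the reboot. Any failure stops before cmpt_tune -e is run.
activate_compartments() {
    check_only_expected_rules "$CMPT_DIR" "$@" || return 1
    "$SETRULES" -p || { echo "rules have syntax or semantic errors; not enabling" >&2; return 1; }
    n=$(backup_rules "$CMPT_DIR" "$BACKUP_DIR") || return 1
    echo "backed up $n rules file(s) to $BACKUP_DIR"
    "$CMPT_TUNE" -e || return 1
    echo "compartments enabled; reboot is mandatory before the feature takes effect"
}

# Later edits to existing compartments: preview, then load without a reboot
# (bare setrules as the loader is an assumption of this example).
reload_rules() {
    "$SETRULES" -p && "$SETRULES"
}

case "${1:-}" in
    activate) shift; activate_compartments "$@" ;;
    reload)   reload_rules ;;
    retire)   retire_component "$CMPT_DIR" "$BACKUP_DIR" "$2" ;;
esac
```

Run it as `sh cmpt-activate.sh activate web db` after writing /etc/cmpt/web.rules and /etc/cmpt/db.rules; the component list doubles as a check that nothing else ending in .rules has been left in /etc/cmpt, which is the mistake the backup advice in step 4 guards against.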

Modifying Compartment Configuration

You can create new compartments and modify existing compartments without rebooting the system. If you enable or disable the compartment feature, or completely remove a compartment, you must reboot the system. However, if you remove all rules associated with a compartment and all references to that compartment, you can leave the compartment on your system until the next reboot.

Refer to “Changing Compartment Names” for more information about the implications of changing the name of a compartment.

HP UX 11i Role-based Access Control (RBAC) Software manual Activating Compartments, Modifying Compartment Configuration