HP-UX System Administrator's Guide: Overview: HP-UX 11i Version 3 > Chapter 3 Major Components of HP-UX

Security and Access Control

HP-UX has many tools for securing your servers and data. Threats to your servers and data can be either malicious or accidental, and they can be physical (fires, earthquakes, failing hardware, and so on) or logical (misbehaving software, hacking, and so on).

For information about the tools available to protect your servers and data against loss from the threats mentioned previously, see “Data Protection Tools”.

Controlling Access to Data Using Legacy Unix File Ownership and Privileges

HP-UX has the ability to control access to directories and files using a combination of:

  • User and Group ownership of files and directories

  • File and Directory mode

Using these, a file or directory is assigned an owner, a group, and an access mask called a mode, which collectively determine:

Files

Who can read, write, or attempt to execute the file.

Directories

Who can search the contents of the directory, add files to, remove files from, or rename files in the directory, and who can cd to the directory.
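The owner/group/mode decision just described is simple to state but has a detail worth seeing in code: the kernel selects exactly one permission class (owner, group, or other, in that order) and tests only that class's bits, so an owner can be denied by a file whose group bits would have allowed access. The following is an added example, not code from the HP-UX documentation; the file paths, UIDs, and GIDs are constructed, and the superuser bypass implements the traditional UID 0 behavior discussed later on this page.

```python
"""Legacy Unix discretionary access check (added illustration).

Models the owner/group/mode decision: pick the first matching class
(owner, then group, then other) and test the requested bit within it.
Directory semantics follow the text: the x bit governs search/cd, the
w bit (together with x) governs adding, removing, and renaming entries.
All sample inodes and subjects are constructed for this example.
"""
import stat
from dataclasses import dataclass, field

READ, WRITE, EXEC = "read", "write", "exec"

# Requested operation -> (owner bit, group bit, other bit)
_BIT = {
    READ:  (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    WRITE: (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    EXEC:  (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}
_CLASSES = ("owner", "group", "other")


@dataclass(frozen=True)
class Inode:
    path: str
    uid: int            # owning user
    gid: int            # owning group
    mode: int           # permission bits only, e.g. 0o640
    is_dir: bool = False


@dataclass(frozen=True)
class Subject:
    uid: int                                   # effective user ID
    gid: int                                   # effective primary group
    groups: frozenset = field(default_factory=frozenset)  # supplementary groups


def which_class(node, who):
    """Return the single class whose bits apply; the first match wins."""
    if who.uid == node.uid:
        return "owner"
    if who.gid == node.gid or node.gid in who.groups:
        return "group"
    return "other"


def allowed(node, who, op):
    """True if the mode grants `op` to `who`, following the classic rule."""
    if who.uid == 0:
        # UID 0 bypasses the mode check entirely; the one traditional
        # exception is that executing a file still needs some x bit set.
        if op == EXEC and not node.is_dir:
            return bool(node.mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
        return True
    bit = _BIT[op][_CLASSES.index(which_class(node, who))]
    return bool(node.mode & bit)


def can_modify_directory(node, who):
    """Add, remove, or rename entries: needs both w (write) and x (search)."""
    return node.is_dir and allowed(node, who, WRITE) and allowed(node, who, EXEC)


def describe(node):
    """ls -l style rendering of the mode, for printing."""
    kind = stat.S_IFDIR if node.is_dir else stat.S_IFREG
    return f"{stat.filemode(kind | node.mode)} {node.uid}:{node.gid} {node.path}"


if __name__ == "__main__":
    payroll = Inode("/data/payroll.db", uid=100, gid=20, mode=0o640)
    project = Inode("/srv/project", uid=100, gid=20, mode=0o750, is_dir=True)
    odd = Inode("/tmp/odd", uid=100, gid=20, mode=0o070)   # owner bits cleared
    alice = Subject(uid=100, gid=20)                          # owner
    bob = Subject(uid=101, gid=30, groups=frozenset({20}))    # group via supplementary
    carol = Subject(uid=102, gid=40)                          # other
    for node in (payroll, project, odd):
        print(describe(node))
        for name, who in (("alice", alice), ("bob", bob), ("carol", carol)):
            print(f"  {name}: read={allowed(node, who, READ)} "
                  f"write={allowed(node, who, WRITE)} exec={allowed(node, who, EXEC)}")
```

Note the `/tmp/odd` case: the owner is refused read access although every group member is granted it, because the owner class was selected and its bits are zero. That is the behavior a careful administrator expects when reasoning about mode 0o070-style settings.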

There is a lot more to the topic of legacy Unix file ownership and privileges and there are other, more powerful, mechanisms that allow you to carefully control and monitor who is accessing the files and directories on your system. An entire volume of the HP-UX System Administrator’s Guide is devoted to the topic of security. For extensive coverage of the topic of controlling access to the files and directories of your system and other security related topics, see HP-UX System Administrator’s Guide: Security Management.

Controlling Access to Data Using Security Containment Technologies

Traditional UNIX file access mechanisms are adequate for many basic installations, but today’s security- and privacy-conscious world requires much more control over who has access to which data.

With traditional security methods, a typical weak link in the mechanism is the superuser (or root user). The term superuser refers to any account with a User ID (or any program or process with an effective User ID) of “0” (zero). These special accounts give anyone who has access to them complete access to every local file on the entire server. Should the password for a superuser account fall into the wrong hands, the security of the entire server is compromised.

In many installations, it is not desirable to give any one person access to every file on a server. In particular, the role of system administrator might be sub-divided into more specific roles that are assigned to different people. Others may need to administer specific applications, or a database or other entity. Perhaps, for security reasons, it is desirable to give a person access to certain files or capabilities only during certain hours of the day.

Technologies for Greater Access Control

HP-UX 11i version 3 has security technologies that, when used together, provide significantly greater access control of the data files and user privileges on your servers when HP-UX is running in Standard Mode:[6]

Compartments

Compartments isolate unrelated resources on a server to help prevent catastrophic damage to the server if one compartment is penetrated.

When configured in a compartment, an application has restricted access to resources (processes, binaries, data files, and communication channels used) outside its compartment. This restriction is enforced by the HP-UX kernel and cannot be overridden unless specifically configured to do so. If the application is compromised, it will not be able to damage other parts of the system because it is isolated by the compartment configuration.

Fine-Grained Privileges

Traditional UNIX privileges grant “all or nothing” administrative privileges based on the effective UID of the process that is running. If the process is running with the effective UID=0, it is granted all privileges. With fine-grained privileges, processes are granted only the privileges needed for the task and, optionally, only for the time needed to complete the task. Applications that are privilege-aware can elevate their privilege to the required level for the operation and lower it after the operation completes.

Role-Based Access Control

Typically, UNIX system administration commands must be run by a superuser (root user). Similar to kernel-level system call access, access is usually “all or nothing” based on the user's effective UID.

HP-UX Role-Based Access Control (HP-UX RBAC) enables you to group common or related tasks into a role. For example, a common role might be User and Group Administration. Once the role is created, you assign to specific users a role or set of roles that enables them to run the commands defined by those roles.

When you implement HP-UX RBAC, you enable non-root users to perform tasks previously requiring superuser privileges without granting those users complete superuser privileges.
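To make the three pieces of the RBAC description concrete (tasks grouped into roles, roles assigned to users, commands tied to the authorizations those roles carry), here is an added Python model. It is not HP-UX's own implementation or data format; HP-UX administers these tables with its own tools, and the wrapper check modeled here stands in for the decision such a tool makes before running a command with raised privilege. Role names, operation names, user names, and command paths below are constructed for the example, and every decision is recorded so the audit angle described later on this page is visible too.

```python
"""Role-based access control model (added illustration, not HP-UX code).

Three tables mirror the concepts in the text:
  roles        : role name -> set of (operation, object) authorizations
  assignments  : user name -> set of role names
  commands     : command path -> (operation, object) required to run it
A user may run a command when at least one assigned role holds the
required authorization. Operation and object names are dotted strings and
may be held as shell-style wildcards (e.g. "usergroup.*").
"""
from fnmatch import fnmatchcase


class Rbac:
    def __init__(self):
        self.roles = {}
        self.assignments = {}
        self.commands = {}
        self.decisions = []   # (user, command, allowed) -- a minimal audit trail

    # --- administration -------------------------------------------------
    def add_role(self, role, *auths):
        """Create (or extend) a role with (operation, object) pairs."""
        self.roles.setdefault(role, set()).update(auths)

    def assign(self, user, role):
        """Give a user a role; assigning an undefined role is an error."""
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def register_command(self, path, operation, obj="*"):
        """Declare which authorization a privileged command requires."""
        self.commands[path] = (operation, obj)

    # --- decisions --------------------------------------------------------
    def authorized(self, user, operation, obj="*"):
        """True if any role assigned to `user` grants (operation, obj)."""
        for role in self.assignments.get(user, ()):
            for held_op, held_obj in self.roles.get(role, ()):
                if fnmatchcase(operation, held_op) and fnmatchcase(obj, held_obj):
                    return True
        return False

    def may_run(self, user, path):
        """The check a privilege-raising wrapper makes before executing `path`.
        Commands never registered are denied: the default is no privilege."""
        required = self.commands.get(path)
        verdict = required is not None and self.authorized(user, *required)
        self.decisions.append((user, path, verdict))
        return verdict


def build_example():
    """Constructed policy: a user/group administrator and a backup operator."""
    rbac = Rbac()
    rbac.add_role("UserGroupAdmin", ("usergroup.*", "*"))
    rbac.add_role("BackupOperator", ("backup.run", "/var/data"))
    rbac.assign("alice", "UserGroupAdmin")
    rbac.assign("bob", "BackupOperator")
    rbac.register_command("/usr/sbin/useradd", "usergroup.add")
    rbac.register_command("/usr/sbin/groupmod", "usergroup.groupmod")
    rbac.register_command("/opt/backup/bin/run_backup", "backup.run", "/var/data")
    rbac.register_command("/opt/backup/bin/run_backup_logs", "backup.run", "/var/log")
    return rbac


if __name__ == "__main__":
    rbac = build_example()
    for user, cmd in [("alice", "/usr/sbin/useradd"),
                      ("bob", "/usr/sbin/useradd"),
                      ("bob", "/opt/backup/bin/run_backup"),
                      ("bob", "/opt/backup/bin/run_backup_logs"),
                      ("carol", "/usr/sbin/groupmod"),
                      ("alice", "/usr/sbin/reboot")]:
        print(f"{user:6} {cmd:35} {'allowed' if rbac.may_run(user, cmd) else 'denied'}")
```

Two design points carry over to any real deployment: the decision is made per command, so granting alice `usergroup.*` never lets her run the backup tool, and an unregistered command is denied rather than falling back to the caller's UID. The recorded decisions are what an administrator would later review, which is the role the auditing subsystem plays on HP-UX.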

Auditing

The HP-UX auditing system records security-related events for later analysis. Administrators use auditing to detect and analyze security breaches. Auditing is available on both Standard Mode and Trusted Mode HP-UX systems.

User Database

Previously, all Standard Mode HP-UX security attributes and password policy restrictions were set on a system-wide basis. The introduction of the user database enables you to set security attributes on a per-user basis that override the system defaults.

Further Information

For more information on the enhanced security containment features introduced above, see the following resources:

  • HP-UX System Administrator’s Guide: Security Management

  • HP-UX 11i Security Containment Administrator's Guide

  • The privileges(5) manpage



[6] These security technologies are also available in HP-UX 11i version 2. For more information on Standard Mode vs. Trusted Mode, see “Protecting Against Unauthorized Access to Your Servers and Data”.

© 2008 Hewlett-Packard Development Company, L.P.