Security

The vPars commands (as described in “vPars Monitor and Shell Commands”) are restricted to root access, but the commands work on any of the virtual partitions, regardless of which partition the commands are executed from. Therefore, a user with the appropriate privileges on one partition can affect another virtual partition by targeting the virtual partition in a vPars command. For example, a root user running on the partition vpar2 can reset the partition vpar3 using the vparreset command.

To minimize such interactions, use the vPars Flexible Administrative Capability. With this feature, you can assign vPars administration capabilities to designated virtual partitions. Only superusers within the designated virtual partitions can affect other virtual partitions; a superuser within a non-designated virtual partition can perform only operations that affect itself. For more information, see the Chapter 11: “vPars Flexible Administrative Capability”.

A user with access to the console can gain access to the file systems on any of the virtual partitions in the hard partition. To prevent this, control access to the physical console or GSP.