https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259841#M332791 Shalom,<BR /><BR />Two things to do. Insure vpar security itself is as strong as a standalone system.<BR /><BR />Make sure the console that controls the vpar is secure. Use ssh not telnet for access. Limit who has the password.<BR /><BR />If you have root access there is no such thing as a safe system.<BR /><BR />SEP Thu, 28 Aug 2008 14:06:45 GMT Steven E. Protter 2008-08-28T14:06:45Z https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259839#M332789 What's stopping me from being a nasty beligerent boy with a root shell and doing a:<BR /><BR /># vparreset -p whomever -t<BR /><BR />RBAC certainly won't, at least I can't see how. THere's some monitor level stuff that restrics which vPars can do administrative work. But I still seem to be able as root to reset other vPars from the same nPar.<BR /><BR />Have I missed something? Thu, 28 Aug 2008 14:00:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259839#M332789 rocke robertson 2008-08-28T14:00:45Z https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259840#M332790 Yes, you missed something.<BR /><BR />See the manual on how to configure this security. Thu, 28 Aug 2008 14:05:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259840#M332790 Torsten. 2008-08-28T14:05:50Z https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259841#M332791 Shalom,<BR /><BR />Two things to do. Insure vpar security itself is as strong as a standalone system.<BR /><BR />Make sure the console that controls the vpar is secure. Use ssh not telnet for access. Limit who has the password.<BR /><BR />If you have root access there is no such thing as a safe system.<BR /><BR />SEP Thu, 28 Aug 2008 14:06:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259841#M332791 Steven E. Protter 2008-08-28T14:06:45Z https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259842#M332792 <A href="http://docs.hp.com/en/T1335-90083/ch11s02.html?btnPrev=%AB%A0prev" target="_blank">http://docs.hp.com/en/T1335-90083/ch11s02.html?btnPrev=%AB%A0prev</A> Thu, 28 Aug 2008 14:08:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259842#M332792 Torsten. 2008-08-28T14:08:01Z https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259843#M332793 Chapter 11 vPars Flexible Administrative Capability (vPars A.03.03, A.03.04, vPars A.04.02, A.04.03, A.05.01)<BR /><BR />...<BR />This chapter discusses the concepts and tasks on using the vPars Flexible Administrative Capability feature (formerly called Primary-Admin vPars Security). With this feature, you can specify vPars administration capabilities for zero, one, or more designated virtual partitions. Only superusers within the designated virtual partitions can perform the vPars administration commands that affect other virtual partitions; a superuser within a non-designated virtual partition can perform only operations that affect itself.<BR />...<BR /><BR /><A href="http://docs.hp.com/en/T1335-90083/ch11.html" target="_blank">http://docs.hp.com/en/T1335-90083/ch11.html</A> Thu, 28 Aug 2008 14:09:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259843#M332793 Torsten. 2008-08-28T14:09:28Z https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259844#M332794 Gentlemen, I have enabled the flexible administrative section and as you have stated, it prevents administrators from administrating other vPars.<BR /><BR />Thank you very much for your quick responses.<BR /><BR />If I could give you 11 points I would. A little plug for "Spinal Tap". Thu, 28 Aug 2008 14:39:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/vpar-security/m-p/4259844#M332794 rocke robertson 2008-08-28T14:39:41Z