Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 6 File System Security

Protecting Disk Partitions and Logical Volumes


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

A Logical Volume Manager (LVM) is a common disk management tool. LVM divides up the disk more easily than disk partitions, and the volumes can span multiple disks. Volumes are logical devices that appear as a physical disk partition. You can use a volume as a virtual disk partition for such applications as creating a file system or a database.

Following are some security considerations regarding disk partitions and logical volumes:

  • Ensure that the device special files for disk partitions and logical volumes are readable only by root and perhaps by an account used for disk backups. See Section .

  • Because ownership and permissions are stored in the inode, anyone with write permission to a mounted partition can set the user ID for any file in that partition. The file is subject to change regardless of the owner, bypassing the chmod() system call and other security checks.

    If the device special file is writable, a user can open that file and access the raw disk. The user can then directly edit the file system, read files, or change file permissions and owners.

    Make sure the file permissions forbid access to the device special file and allow only root to read.

  • If a program, such as a database application, requires direct access to the partition, reserve that partition exclusively for the program. Do not mount a partition as a file system if users can access the partition directly. If you do mount a partition as a file system, users could edit the underlying file system.

    Inform program users that the file's security is enforced by its permission settings rather than by the HP-UX file system.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.