IBM AIX Continuous Availability Features - IBM Redbooks
IBM AIX Continuous Availability Features - IBM Redbooks
IBM AIX Continuous Availability Features - IBM Redbooks
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.7 Security<br />
eServer Certification Study Guide - <strong>AIX</strong> 5L Performance and System Tuning, SG24-6184,<br />
which is available at the following site:<br />
http://www.redbooks.ibm.com/redbooks/pdfs/sg246184.pdf<br />
The raso command<br />
The raso command is used to configure “selected” RAS tuning parameters. This command<br />
sets or displays the current or next-boot values to configure selected tuning parameters for<br />
the RAS tuning parameters it supports. The command can also be used to make permanent<br />
changes, or to defer changes until the next reboot.<br />
The specified flag determines whether the raso command sets or displays a parameter. The<br />
-o flag can be used to display the current value of a parameter, or to set a new value for a<br />
parameter.<br />
Here, we show the command syntax for the raso command:<br />
Command Syntax<br />
raso [ -p | -r ] [ -o Tunable [ = Newvalue ] ]<br />
raso [ -p | -r ] [ -d Tunable ]<br />
raso [ -p ] [ -r ] -D<br />
raso [ -p ] [ -r ] [-F]-a<br />
raso -h [ Tunable ]<br />
raso [-F] -L [ Tunable ]<br />
raso [-F] -x [ Tunable ]<br />
Note: Multiple -o, -d, -x, and -L flags can be specified.<br />
As with all <strong>AIX</strong> tuning parameters, changing a raso parameter may impact the performance or<br />
reliability of your <strong>AIX</strong> LPAR or server; refer to <strong>IBM</strong> System p5 Approaches to 24x7 <strong>Availability</strong><br />
Including <strong>AIX</strong> 5L, for more information about this topic, which is available at the following site:<br />
http://www.redbooks.ibm.com/redbooks/pdfs/sg247196.pdf<br />
We recommend that you do not change the parameter unless you are specifically directed to<br />
do so by <strong>IBM</strong> Software Support.<br />
The security features in <strong>AIX</strong> also contribute to system availability.<br />
Role-Based Access Control<br />
Role-Based Access Control (RBAC) improves security and manageability by allowing<br />
administrators to grant authorization for the management of specific <strong>AIX</strong> resources to users<br />
other than root by associating those resources with a role that is then associated with a<br />
particular system user. Role-Based Access Control can also be used to associate specific<br />
management privileges with programs, which can reduce the need to run those programs<br />
under the root user or via setuid.<br />
<strong>AIX</strong> Security Expert LDAP integration<br />
The <strong>AIX</strong> Security Expert provides clients with the capability to manage more than 300 system<br />
security settings from a single interface. The <strong>AIX</strong> Security Expert has been enhanced in <strong>AIX</strong><br />
V6.1 with an option to store security templates directly in a Lightweight Directory Protocol<br />
(LDAP) directory, thus simplifying implementation of a consistent security policy across an<br />
entire enterprise.<br />
Chapter 2. <strong>AIX</strong> continuous availability features 51