cmpt_tune(1m) [hpux man page]
cmpt_tune(1M) cmpt_tune(1M) NAME
cmpt_tune - query, enable, or disable compartmentalization feature SYNOPSIS
boot_image] boot_image] DESCRIPTION
queries, enables, or disables the compartmentalization feature. Compartmentalization is not a dynamic feature; enabling or disabling the feature requires a reboot. If you make a change and do not specify the flag, reports a reboot reminder message. If no options are speci- fied, the option is assumed. If no compartments have been defined when compartmentalization is enabled, the network interfaces currently installed on the system are assigned to a new compartment and the administrator is given the opportunity to reassign these interfaces (see getrules(1M)). The system initially boots into a predefined compartment, A process in the compartment can access all objects (that is, all processes, files, IPC objects, etc., are accessible from the compartment). See compartments(5) for more information. Using the command (see set- filexsec(1M)), an administrator can set specific binaries to start automatically in other compartments; that is, when a process executes the binary, it may find its compartment modified as a side-effect. This concept is similar to a setuid binary changing a process's euid. When the or option is specified without the option, the current running configuration is modified. If or is specified with the option and boot_image does not exist, it is created as though the administrator ran the following command: In any case, boot_image is marked for use on the next boot. Options The command recognizes the following options: Disables compartments. Enables compartments. Prints a help message. Makes changes to or queries the specified boot_image. If this option is not specified, defaults to If no other options are specified, the option is assumed. Queries the current state of compartments. Queries the state of compartments after the next reboot. Reboots after making changes. You can only use this option with the or options. Sets silent mode. Only the exit status is set. RETURN VALUE
returns the following values: When querying, the compartmentalization feature is enabled. When making changes, the changes are successfully applied. An option processing error occurred. When querying, the compartmentalization feature is disabled. When making changes, and is specified, the reboot option is ignored (for example, to allow for editing of compartment configuration files). When querying, the kernel configuration specified does not exist or has no support for compartmentalization. WARNINGS
A network interface that is not assigned to any compartment cannot be accessed by any process and effectively cannot be used. Assign at least one network interface to a compartment so that network communications can function. If the or option is used in conjunction with the option, any prior changes pending to the current configuration are lost. If the compartments feature is enabled on a kernel configuration that does not reflect the required patch levels (for example, patch PHKL_32798 is missing), the system may not boot properly or may not have network connectivity. SEE ALSO
authadm(1M), kconfig(1M), getrules(1M), setfilexsec(1M), setrules(1M), compartments(4), compartments(5). cmpt_tune(1M)
Check Out this Related Man Page
crontab(1) General Commands Manual crontab(1) NAME
crontab - user job file scheduler SYNOPSIS
[file] [username] [username] [username] DESCRIPTION
The command manages a crontab file for the user. You can use a crontab file to schedule jobs that are executed automatically by (see cron(1M)) on a regular basis. The command has four forms: Create or replace your crontab file by copying the specified file, or standard input if file is omitted or is specified as file, into the crontab directory, The name of your crontab file in the crontab directory is the same as your effective user name. If the compartmentalization feature is enabled, the crontab file is your effective user name followed by a colon followed by the compartment id from which the crontab file is created. Edit a copy of the user's crontab file, or create an empty file to edit if the crontab file does not exist. When editing is complete, the file will be copied into the crontab directory as the user's crontab file. If the compartmentalization feature is enabled, it only edits a copy of the user's crontab file from the compartment that the crontab files were created from. Lists the user's crontab file. If the compartmentalization feature is enabled, it only lists the crontab files from the compartment that the crontab files were created from. Remove the user's crontab file from the crontab directory. If the compartmentalization feature is enabled, it only removes the crontab files from the compartment that the crontab files were created from. Only a privileged user can use username following the or options, to edit, list, or remove the crontab file of the specified user. The entries in a crontab file are lines of six fields each. The fields are separated by spaces or tabs. The lines have the following for- mat: minute hour monthday month weekday command The first five are integer patterns that specify when the sixth field, command, should be executed. They can have the following ranges of values: minute The minute of the hour, hour The hour of the day, monthday The day of the month, month The month of the year, weekday The day of the week, Each pattern can be either an asterisk meaning all legal values, or a list of elements separated by commas. An element is either a number in the ranges shown above, or two numbers in the range separated by a hyphen (meaning an inclusive range). Note that the specification of days can be made in two fields: monthday and weekday. If both are specified in an entry, they are cumulative. For example, runs command at midnight on the first and fifteenth of each month, as well as every Monday. To specify days in only one field, set the other field to asterisk For example, runs command only on Mondays. The sixth field, command (the balance of a line including blanks in a crontab file), is a string that is executed by the shell at the spec- ified times. A percent character in this field (unless escaped by a backslash is translated to a newline character, dividing the field into "lines". Only the first "line" (up to a or end-of-line) of the command field is executed by the shell. Any other "lines" are made available to the command as standard input. Blank lines and those whose first non-blank character is will be ignored. invokes the command from the user's directory with the POSIX shell, It runs in the queue (see queuedefs(4)). supplies a default environment for every shell, defining: Users who desire to have their executed must explicitly do so in the crontab entry or in a script called by the entry. You can execute if your name appears in the file If that file does not exist, you can use if your name does not appear in the file If only exists and is empty, all users can use If neither file exists, only the user can use The files consist of one user name per line. Security Restrictions If the compartmentalization feature is enabled, and invoke the jobs from the compartment that the jobs were created from. Note that cre- ates the job files in Hence, if the command is invoked from a compartment which has no write access to this directory and which disallows the privilege, fails to schedule the jobs. See compartments(5) and privileges(5) for more information. EXTERNAL INFLUENCES
Environment Variables determines the interpretation of text within file as single and/or multibyte characters. determines the language in which messages are displayed. If or is not specified in the environment or is set to the empty string, the value of is used as a default for each unspecified or empty variable. If is not specified or is set to the empty string, a default of "C" (see lang(5)) is used instead of If any internationalization variable contains an invalid setting, behaves as if all internationalization variables are set to "C". See environ(5). determines the editor to be invoked when option is specified. The default editor is vi. International Code Set Support Single-byte and multibyte character code sets are supported. WARNINGS
Be sure to redirect the standard output and standard error from commands. If this is not done, any generated standard output or standard error is mailed to the user. FILES
Main cron directory List of allowed users List of denied users Accounting information Directory containing the crontab files SEE ALSO
sh(1), cron(1M), queuedefs(4), compartments(5), privileges(5). STANDARDS CONFORMANCE
crontab(1)