Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
Basic Security Tasks
Chapter 9
NOTE It is possible to edit an ACL so that you cannot access it! Caution should
be used to avoid accidentally removing your own control (c) permissions
on an ACL. As a safeguard, the local superuser may always use swacl to
edit SD-UX ACLs.
Here are some examples based on the following ACL that is protecting a
product (FORTRAN) created by user rob whose local host is
lehi.fc.hp.com:
# swacl Product Access Control Lists
#
# For host: lehi:/
#
# Date: Mon Nov 06 16:39:58 2001
#
# For product: FORTRAN,r=9.0,v=HP
# Object Ownership: User=root
#                   Group=sys
#                   Realm=lehi.fc.hp.com
# default_realm=lehi.fc.hp.com
object_owner:crwit
user:barb:-rt
user:ramon:-rt
group:swadm:crwit
host:alma.fc.hp.com:-rt
any_other:-rt
You can list the ACLs for the product FORTRAN in depot
/var/spool/sw (the default depot) and prepare it for editing:
swacl -l product FORTRAN >acl_tmp
This writes the above ACL to the file acl_tmp, where it is ready for
editing. Edit the acl_tmp file with any suitable text editor.
To replace all entries in the ACL for FORTRAN, type:
swacl -l product -F acl_tmp FORTRAN
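Because the -F form replaces every entry, an edited file that drops your control (c) permission takes effect at once, as the NOTE above warns. The following pre-flight check is an added example, not part of the HP guide: it reads an edited ACL file and reports whether a given user still holds c. The function names and the decision not to count any_other are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the HP guide): check an edited ACL file before
# "swacl -l product -F acl_tmp FORTRAN" replaces every entry in the ACL.
# Usage: acl_keeps_control FILE USER [GROUP ...]
# Returns 0 only if USER holds control (c) through object_owner, a user
# entry, or an entry for one of the listed groups. Assumption: any_other is
# deliberately not counted, so the check errs on the side of refusing.
acl_keeps_control() {
    acl_file=$1; acl_user=$2; shift 2
    awk -F: -v user="$acl_user" -v groups="$*" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
        # The header comment written by swacl names the object owner.
        /^#/ { if (match($0, /User=[^ \t]+/)) owner = substr($0, RSTART + 5, RLENGTH - 5); next }
        NF < 2 { next }                      # blank or malformed line
        index($NF, "c") == 0 { next }        # entry does not grant control
        $1 == "object_owner" && owner == user      { ok = 1 }
        $1 == "user"  && NF == 3 && $2 == user     { ok = 1 }
        $1 == "group" && NF == 3 && ($2 in member) { ok = 1 }
        END { exit(ok ? 0 : 1) }
    ' "$acl_file"
}

# The FORTRAN ACL from this page (header abridged), used as sample input.
sample_acl() {
    cat <<'EOF'
# For product: FORTRAN,r=9.0,v=HP
# Object Ownership: User=root
object_owner:crwit
user:barb:-rt
user:ramon:-rt
group:swadm:crwit
host:alma.fc.hp.com:-rt
any_other:-rt
EOF
}

acl_tmp=${TMPDIR:-/tmp}/acl_tmp.$$
sample_acl > "$acl_tmp"
for u in root barb; do
    if acl_keeps_control "$acl_tmp" "$u"; then
        echo "$u: keeps control"
    else
        echo "$u: no control (c) entry in this file"
    fi
done
rm -f "$acl_tmp"
```

Run the function against acl_tmp with your own user name and group names before the swacl -F step, and apply the file only if it returns 0.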
To edit the default product template on a depot /var/spool/sw_dev,
use:
swacl -l product_template @ /var/spool/sw_dev >tmp_file