Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
ACL Entries
Chapter 9 277
The depot ACL controls insertion (creation) of new products, while the
inserted object has its own ACL that controls modification and deletion.
This lets the creator (owner) of a product on a depot change or delete the
product without requiring the broader write permission that could affect
other users’ products on the same depot.
This is useful for product control because it lets you assign management
of a specific product to a delegated administrator. Also, when a product
is created on a depot, the user and group identity of the creator are
recorded in the product information.
If the product ACL contains an object_owner entry granting write
permission to the owner, the product creator automatically has the right
to change or delete the product. The depot can therefore be opened more
widely to insertion: a user who holds only insert permission on the depot
can copy in new products and delete their own, but cannot modify or delete
products created by others, so you need not worry about a user erroneously
deleting a critical product they should not control. Note that this
protection rests on the per-product ACLs: a product whose own ACL grants
write permission to other users can still be modified or deleted by them,
regardless of how tightly the depot ACL is set.
The rationale for this protection scheme is borrowed from a mechanism
introduced in the BSD file system. With write permissions on a BSD
directory, you may create a file in the directory. If the sticky mode bit is
set on the directory, only the file owner, the directory owner, or superuser
may remove or rename the file.
For example: In /tmp, owned by root, with “wide-open” write permission
and the sticky bit set manually (i.e., mode 1777), anyone can create files
that nobody else (except themselves and superuser) can remove. This
makes /tmp a more secure place to store temporary work because
someone else can’t delete your files there.
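The following Python model is an added illustration, not code from this guide or from SD-UX itself. It encodes the two-level scheme described above together with the BSD sticky-bit analogy: the depot ACL gates insertion, each product records its creator and carries its own ACL, and an object_owner entry in that ACL resolves to the recorded creator. The entry names user:<name> and any_other, the first-match evaluation order, and the user, product and permission values are simplifying assumptions constructed for the example; they are not a description of how the SD-UX daemon evaluates ACLs internally.

```python
"""Toy model of depot-ACL insertion versus per-product-ACL deletion.

Constructed example: not SD-UX code. Permission letters follow the guide's
usage ('i' = insert, 'w' = write); other details are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field

INSERT, WRITE = "i", "w"          # the only permission bits this model needs


@dataclass
class Product:
    name: str
    owner: str                                        # identity recorded at creation
    acl: dict[str, str] = field(default_factory=dict)  # entry key -> permission letters


@dataclass
class Depot:
    owner: str
    acl: dict[str, str]                                # depot ACL, same shape as a product ACL
    products: dict[str, Product] = field(default_factory=dict)


def _grants(acl: dict[str, str], obj_owner: str, user: str, perm: str) -> bool:
    """Return True if `acl` grants `perm` to `user`.

    Assumed evaluation order (a simplification for this example): an
    object_owner entry applies when the user is the recorded owner, then a
    user:<name> entry, then any_other. No superuser bypass is modelled.
    """
    if user == obj_owner and "object_owner" in acl:
        return perm in acl["object_owner"]
    if f"user:{user}" in acl:
        return perm in acl[f"user:{user}"]
    return perm in acl.get("any_other", "")


def insert_product(depot: Depot, user: str, name: str,
                   product_acl: dict[str, str]) -> bool:
    """The depot ACL gates creation; the creator is recorded as product owner."""
    if not _grants(depot.acl, depot.owner, user, INSERT):
        return False
    depot.products[name] = Product(name, owner=user, acl=dict(product_acl))
    return True


def delete_product(depot: Depot, user: str, name: str) -> bool:
    """The product's own ACL, not the depot ACL, gates modification/deletion."""
    prod = depot.products.get(name)
    if prod is None or not _grants(prod.acl, prod.owner, user, WRITE):
        return False
    del depot.products[name]
    return True


def may_remove(dir_owner: str, dir_sticky: bool, file_owner: str, user: str) -> bool:
    """BSD rule for a user who already holds write permission on the directory:
    with the sticky bit set, only the file owner, directory owner or root may
    unlink or rename the file."""
    if not dir_sticky:
        return True
    return user in (file_owner, dir_owner, "root")


def demo() -> dict[str, bool]:
    """Walk through the scenarios the text describes; returns outcomes by label."""
    # Constructed depot: anyone may read and insert, nobody holds depot-wide write.
    depot = Depot(owner="root", acl={"any_other": "ri"})
    # Constructed product ACL supplied by each creator: owner read+write, others read.
    template = {"object_owner": "rw", "any_other": "r"}
    results = {
        "rob_inserts_own": insert_product(depot, "rob", "ROBTOOL", template),
        "ann_inserts_own": insert_product(depot, "ann", "ANNTOOL", template),
    }
    results["rob_deletes_anns"] = delete_product(depot, "rob", "ANNTOOL")  # denied
    results["ann_deletes_anns"] = delete_product(depot, "ann", "ANNTOOL")  # allowed
    # The same shape as the /tmp analogy: mode 1777, directory owned by root.
    results["tmp_other_removes"] = may_remove("root", True, "rob", "ann")  # denied
    results["tmp_owner_removes"] = may_remove("root", True, "rob", "rob")  # allowed
    results["tmp_root_removes"] = may_remove("root", True, "rob", "root")  # allowed
    return results


if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:20s} {'allowed' if allowed else 'denied'}")
```

The model also makes the caveat visible: if a creator supplies a product ACL without an object_owner write entry, `delete_product` denies even the creator, and if the ACL grants write to other users, they can delete the product no matter how the depot ACL is set.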
Installing or copying from an unregistered depot requires the user and
the target agent’s host to have insert permission on the depot’s host. If
this permission is denied to the target’s host, the depot’s daemon log will
contain the message:
ERROR: Access denied to SD agent at host lucille on
behalf of rob@lucille to start agent on unregistered
depot "/users/rob/depot." No (i)nsert permission on
host.
07/23/01 15:51:06 MDT
This message indicates that it is the agent on host lucille (the target
host) that lacked insert permission on the depot's host, not the user
rob@lucille: the denial is a host-level check, so granting the user
additional permissions will not resolve it.