Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
RPC Authorization
This section discusses how agents handle controller requests, local
superuser authorization, depot registration, and daemon/agent security.
In SD-UX, objects are protected by ACLs. An ACL is a structure,
attached to an object, that defines access permissions for multiple users
and groups. It extends the concepts defined by the HP-UX file system
mode bits in two ways: by allowing specification of the access rights of
many individuals and groups instead of just one of each; and by
protecting entire SD-UX objects, rather than individual files.
Generally, a controller requests an agent to perform some operation on an
object. SD-UX protects each host, depot, depot-product, and installation
object (root) with an ACL. After a call is authenticated, the ACL manager
is consulted for a caller’s access permissions to a protected object before
allowing the action.
SD-UX authorization uses ACLs to determine the RPC caller’s rights to
access a particular SD-UX object in a particular way (for example, read or write).
An object’s ACL is searched for an entry that matches the caller. Once a
matching entry is found, the permissions granted in that entry are
compared to those required for the operation. If permissions required for
the operation are all granted by the entry, access is authorized, and
SD-UX proceeds with the requested operation.
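The lookup described above, as an added example that is not SD-UX code: the first ACL entry that matches the caller decides, and access is granted only if that entry grants every required permission. The "type:key:perms" entry syntax, the r/w letters, the user/group/any_other search order, the default deny, and the names alice and swadm are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed search order (most specific entry type first); not taken from the guide.
SEARCH_ORDER = ("user", "group", "any_other")

# Constructed sample ACL for one protected object (illustrative syntax).
SAMPLE_ACL = """
user:alice:r-
group:swadm:rw
any_other:r-
"""

@dataclass(frozen=True)
class Caller:
    user: str
    groups: frozenset = frozenset()

def parse_acl(text):
    """Parse ACL text into (type, key, granted-permission-set) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, rest = line.partition(":")
        if kind not in SEARCH_ORDER:
            raise ValueError(f"unknown entry type: {kind!r}")
        key, _, perms = rest.rpartition(":")  # any_other has an empty key
        entries.append((kind, key, frozenset(perms.replace("-", ""))))
    return entries

def matches(kind, key, caller):
    if kind == "user":
        return key == caller.user
    if kind == "group":
        return key in caller.groups
    return True  # any_other matches every authenticated caller

def authorize(entries, caller, required):
    """Return (allowed, matched_entry); the first matching entry decides."""
    for wanted in SEARCH_ORDER:
        for kind, key, granted in entries:
            if kind == wanted and matches(kind, key, caller):
                # All required permissions must be granted by this one entry.
                return set(required) <= granted, (kind, key)
    return False, None  # assumed default: no matching entry means deny
```

Under these assumptions a narrow user entry shadows a broader group entry: alice is denied write even though her group swadm grants it, because the search stops at her own entry.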