Software Distributor Administration Guide for HP-UX 11i

SD-UX Security
Security Use Models
Chapter 9
swacl -l host \
  -M group:swadm@`hostname`:a @ remsys1 ... remsysN
swacl -l global_soc_template \
  -M group:swadm@`hostname`:a @ remsys1 ... remsysN
swacl -l global_product_template \
  -M group:swadm@`hostname`:a @ remsys1 ... remsysN
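The three commands above, generated for an explicit list of targets so the plan can be reviewed before anything is changed. This is an added example, not part of the HP guide; the function names valid_host and swadm_grant_plan and the host names adminsys, remsys1 and remsys2 are constructed, and the administration host is passed as an argument instead of being taken from `hostname`.

```shell
#!/bin/sh
# Added example: dry-run generator for the swadm grants shown above.
# It only prints swacl command lines; it never runs swacl itself.

# Accept plain host names only, so a bad inventory entry cannot carry
# shell syntax or an extra swacl option (leading "-") into the command.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: swadm_grant_plan ADMIN_HOST TARGET...
# Prints one swacl command per ACL level (host ACL and both templates),
# each granting group swadm on ADMIN_HOST all permissions ("a") on every
# target system.
swadm_grant_plan() {
    admin=$1
    [ $# -gt 0 ] && shift
    valid_host "$admin" || { echo "bad admin host: $admin" >&2; return 1; }
    targets=
    for h in "$@"; do
        valid_host "$h" || { echo "bad target: $h" >&2; return 1; }
        targets="$targets $h"
    done
    [ -n "$targets" ] || { echo "no targets given" >&2; return 1; }
    for level in host global_soc_template global_product_template; do
        echo "swacl -l $level -M group:swadm@$admin:a @$targets"
    done
}

# Constructed sample run: two targets, administered from adminsys.
swadm_grant_plan adminsys remsys1 remsys2
```

Review the printed lines, then run them from the administration host.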
You may want to grant permissions to specific users to manage
particular products on the primary depot. For example, user ramon may
be assigned responsibility to manage the ALLBASE product on your
depot, installing new versions and patches when they become available.
To add ramon to the ACL for ALLBASE on the local depot and grant him
all permissions on that one product, run the command:
swacl -l product -M user:ramon:a ALLBASE
At the same time, you may want to eliminate the ACL entry for group
swadm for the same product:
swacl -l product -D group:swadm ALLBASE
Security in Local Distributions
Host administrators may grant permission to individual users or groups,
trusted at the local host, to administer software locally. Trusted local
users have root ACL entries granting insert and write permissions. At
the source depot, access to all software products is allowed by
unrestricted read access to hosts, depots, and products. This is the basis
of a pull model of software distribution.
Restricting Installation to Specific Target Systems by Specific Users
Managers of software source depots may leave software openly
installable, as described above, or may choose to limit distribution to
specific systems. ACLs protecting source depot products may contain
entries that restrict product read access to only specified systems,
allowing installation only to those systems. This restriction applies to
both the push and pull models.
Below is a sample product ACL that restricts read permission to
systemA and systemB and grants all permissions to user swadm: