Software Distributor Administration Guide for HP-UX 11i

Nonprivileged SD

Setting Up Nonprivileged Mode

Chapter 12 417

Turning On Nonprivileged Mode

SD functions in nonprivileged mode only when the run_as_superuser

option is set to false and the invoking user is not super-user.

This option applies to all SD-UX commands except swagent, swagentd,

swjob, and install-sd. When you set this option to false, any command to

which it applies will run in nonprivileged mode. For example:

• Including -x run_as_superuser=false on the command line

invokes nonprivileged mode for that command only.

• Including -x run_as_superuser=false in your

$HOME/.swdefaults directory invokes nonprivileged mode for any or

all SD-UX commands that you run.

• Including -x run_as_superuser=false in /var/adm/sw/defaults

invokes nonprivileged mode for all SD-UX commands on the system.

See Appendix A, “Command Options,” on page 421 for complete

information on using these options.

NOTE This option is ignored (treated as true) when the invoking user is

super-user.

How Nonprivileged Mode Changes SD-UX Behavior

When the run_as_superuser option is set to the default value of true,

SD-UX operations are performed normally, with permissions for

operations either granted to a local super-user or set by SD ACLs. (See

Chapter 9, “SD-UX Security,” on page 255 for details on ACLs.)

When run_as_superuser is set to false and the invoking user is local

and is not super-user, nonprivileged mode is invoked:

• Permissions for operations are based on the user’s file system

permissions.

•SD ACLs are ignored.

• Files created by SD have the uid and gid of the invoking user, and the

mode of created files is set according to the invoking user’s umask.