HP-UX Reference (11i v1 05/09) - 1M System Administration Commands N-Z (vol 4)
swacl(1M) swacl(1M)
(HP-UX Software Distributor)
NAME
swacl - view or modify SD access control lists (ACLs)
SYNOPSIS
swacl -l level [-D acl_entry | -F acl_file | -M acl_entry] [-f software_file] [-t target_file] [-x option=value] [-X option_file] [software_selections] [@ target_selections]
Remarks
• This command supports operations on remote systems. See the Remote Operation section below for details.
• Type man 5 sd to display sd(5) for an overview of all SD commands.
DESCRIPTION
The swacl command displays or modifies the Access Control Lists (ACLs) which:
• Protect the specified target_selections (hosts, software depots or root filesystems).
• Protect the specified software_selections on each of the specified target_selections (software depots only).
All root filesystems, software depots, and products in software depots are protected by ACLs. The SD commands permit or prevent specific operations based on whether the ACLs on these objects permit the operation. The swacl command is used to view, edit, and manage these ACLs. The ACL must exist and the user must have the appropriate permission (granted by the ACL itself) in order to modify it.
ACLs offer a greater degree of selectivity than standard file permissions. ACLs allow an object’s owner (i.e.
the user who created the object) or the local superuser to define specific read, write, or modify permissions
to a specific list of users, groups, or combinations thereof.
Some operations allowed by ACLs are run as local superuser. Because files are loaded and scripts are run
as superuser, granting a user write permission on a root filesystem or insert permission on a host
effectively gives that user superuser privileges.
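The grants described above can be audited mechanically. The following is an added example, not part of the HP-UX reference: it filters an ACL listing for entries that give write on a root filesystem, or insert on a host, to anyone other than the object owner or local root. It assumes swacl prints entries as entry_type[:key]:permissions with permission letters c, r, w, i, t (a for all) and "#" comment lines; the function names and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SD ACL entries that are equivalent to superuser access.
# Assumed entry format: entry_type[:key]:permissions
# Assumed permission letters: c r w i t, with "a" meaning all of them.

# risky_entries LEVEL : reads ACL text on stdin, prints the risky entries.
#   LEVEL=root -> write (w) is the dangerous permission
#   LEVEL=host -> insert (i) is the dangerous permission
risky_entries() {
    case "$1" in
        root) perm=w ;;
        host) perm=i ;;
        *) echo "usage: risky_entries root|host" >&2; return 2 ;;
    esac
    awk -F: -v perm="$perm" '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments and blank lines
        {
            perms = $NF                     # last field holds the permissions
            if (index(perms, perm) == 0 && index(perms, "a") == 0) next
            # The owner and the local superuser hold these rights anyway.
            if ($1 == "object_owner") next
            if ($1 == "user" && $2 == "root") next
            print
        }'
}

# Constructed sample in the assumed format (not output from a real host).
sample_host_acl() {
    cat <<'EOF'
# swacl Host ACL
# For host: targethost
object_owner:crwit
user:root:crwit
user:builder:-r-i-
group:swadm:crwit
any_other:-r---
EOF
}

# Demo on the constructed sample. On a managed system the listing would come
# from swacl itself, e.g.:  swacl -l host | risky_entries host
sample_host_acl | risky_entries host
```

Every line it prints names a principal that should be reviewed as if it held root on that target.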
Protected Objects
The following objects are protected by ACLs:
• Each host system on which software is being managed by SD,
• Each root filesystem on a host (including alternate roots),
• Each software depot on a host,
• Each software product contained within a depot.
Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD controller
(also called the central management server or manager node) perform operations on a remote target (also
called the host or agent):
1) Install a special HP ServiceControl Manager fileset on the remote systems. This enables remote operations by automatically setting up the root, host, and template Access Control Lists (ACLs) on the remote machines and permitting root access from the controller system. To install the fileset, run the following command on each remote system:
    swinstall -s controller:/var/opt/mx/depot11 AgentConfig.SD-CONFIG
NOTES:
• controller is the name of the central management server.
• If the target is running HP-UX 10.20, use the same command but substitute depot10 for depot11.
• Targets previously set up by SD/OV to be managed by this controller do not need this step.
• SD does not require any other ServiceControl Manager filesets.
2) (Optional) swinstall, swcopy, and swremove have enhanced GUI interfaces for remote
HP-UX 11i Version 1: September 2005 − 1 − Hewlett-Packard Company Section 1M−−875