HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)

swacl(1M) swacl(1M)
NAME
swacl - view or modify the Access Control Lists (ACLs) which protect software products
SYNOPSIS
swacl -l level [-D acl_entry | -F acl_file | -M acl_entry] [-f software_file] [-t target_file]
[-x option=value] [-X option_file] [software_selections] [@ target_selections]
Remarks
This command supports operations on remote systems. See the Remote Operation section below
for details.
Type man 5 sd to display sd(5) for an overview of all SD commands.
DESCRIPTION
The swacl command displays or modifies the Access Control Lists (ACLs) which:
Protect the specified target_selections (hosts, software depots or root filesystems).
Protect the specified software_selections on each of the specified target_selections (software depots only).
All root filesystems, software depots, and products in software depots are protected by ACLs. The SD
commands permit or prevent specific operations based on whether the ACLs on these objects permit the
operation. The swacl command is used to view, edit, and manage these ACLs. The ACL must exist and the
user must have the appropriate permission (granted by the ACL itself) in order to modify it.
ACLs offer a greater degree of selectivity than standard file permissions. ACLs allow an object’s owner
(that is, the user who created the object) or the local superuser to define specific read, write, or modify
permissions to a specific list of users, groups, or combinations thereof.
Some operations allowed by ACLs are run as local superuser. Because files are loaded and scripts are run
as superuser, granting a user write permission on a root filesystem or insert permission on a host
effectively gives that user superuser privileges.
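The check implied by the paragraph above, as an added example (not part of the HP-UX manual): a filter that reads an ACL listing and reports every entry, other than the object owner and local root, that holds write permission on a root filesystem or insert permission on a host. The entry format entry_type[:key]:permissions with the permission letters c, r, w, i, t and "a" for all is an assumption, since this page does not show it; the function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example: flag swacl ACL entries that amount to superuser access.
# Assumed entry format (not shown on this page): entry_type[:key]:permissions,
# permissions drawn from c r w i t, "a" meaning all, "-" as a placeholder.

# risky_entries LEVEL: reads an ACL listing on stdin and prints risky entries.
# At root level the dangerous permission is w (write); at host level it is
# i (insert), per the DESCRIPTION paragraph above.
risky_entries() {
    case "$1" in
        root) perm=w ;;
        host) perm=i ;;
        *) echo "usage: risky_entries root|host" >&2; return 2 ;;
    esac
    awk -F: -v p="$perm" '
        /^[ \t]*#/ || NF < 2 { next }      # skip comment, blank, key=value lines
        {
            perms = $NF                     # last field is the permission string
            who = $1
            for (i = 2; i < NF; i++) who = who ":" $i
            # the object owner and local root are already superuser-equivalent
            if (who == "object_owner" || who == "user:root") next
            if (index(perms, p) || index(perms, "a")) print who " " perms
        }'
}

# Constructed sample listing (not real output from any system).
sample_acl() {
    cat <<'EOF'
# swacl   Root Access Control List
# Object Ownership:  User= root
object_owner:crwit
user:root:crwit
user:jsmith:-rw-t
group:swadm:crwit
host:ctl.example.com:-r--t
any_other:-r--t
EOF
}

# On a live system the input would come from: swacl -l root | risky_entries root
sample_acl | risky_entries root
```

Any entry for a principal other than the object owner and local root is reported, including one granted to a remote controller, so the output is a review list rather than a list of errors.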
Protected Objects
The following objects are protected by ACLs:
Each host system on which software is being managed by SD,
Each root filesystem on a host (including alternate roots),
Each software depot on a host,
Each software product contained within a depot.
Remote Operation
You can enable SD to manage software on remote systems. To let the root user from a central SD
controller (also called the central management server or manager node) perform operations on a remote target
(also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit
root access from the controller system. To do this, run the following command on each remote system:
/usr/lib/sw/mx/setaccess controller
NOTES:
controller is the name of the central management server.
If the remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on
the remote system before running setaccess.
If the remote system is older than 11.00 or for some other reason does not have setaccess in place,
copy the setaccess script from an 11.11 or higher system to the remote system.
2) swinstall, swcopy, and swremove have enhanced GUI interfaces for remote operations.
Enable the enhanced GUIs by creating the .sdkey file on the controller. Use this command:
touch /var/adm/sw/.sdkey
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M) or swremove(1M) for more information
on interactive operations.
HP-UX 11i Version 2: December 2007 Update 1 Hewlett-Packard Company