Manualshelf

HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals
421422423424425426427428429430
s
swacl(1M) swacl(1M)
r ead Grants permission to read the object. On
host, depot,or root objects, read permis-
sion allows
swlist operations. On products within depots, read permission allows pro-
duct files to be installed or copied with
swinstall or swcopy.
w rite Grants permission to modify the object itself.
On a root object (e.g. installed root filesystem), this also grants permission to modify
the products installed (contained) within it.
On a depot object, it does not grant permission to modify the products contained
within it. Write access on products is required to modify products in a depot.
On a
host container, write permission grants permission to unregister depots. It
does not grant permission to modify the depots or roots contained within it.
i nsert On a host object, grants permission to create (insert) a new software depot or root
filesystem object, and to register roots and depots. On a
depot object, grants permis-
sion to create (insert) a new product object into the
depot.
c ontrol Grants permission to modify the ACL using
swacl.
t est Grants permission to perform access checks and to list the ACL.
a ll A wildcard which grants all of the above permissions. It is expanded by swacl
to
crwit.
List Output Format
The output of a list operation is in the following format:
# swacl Object_type Access Control List
#
# For
depot|host:[host]:[/directory]
#
# Date:
date_stamp
#
# Object Ownership: User=
user_name
# Group= group_name
# Realm= host_name
#
# default_realm =
host_name
entry_type:[key:]permissions
entry_type:[key:]permissions
entry_type:[key:]permissions
You can save this output into a file, modified it, then use it as input to a
swacl modify operation (see the
-F option above).
Object Ownership
An owner is also associated with every SD object, as defined by the user name, group and hostname. The
owner is the user who created the object. When using swacl to view an ACL, the owner is printed as a
comment in the header.
Default Realm
An ACL defines a default realm for an object. The realm is currently defined as the name of the host sys-
tem on which the object resides. When using swacl to view an ACL, the default realm is printed as a
comment in the header.
Keys
Expressions (patterns) are not permitted in keys.
A key is required for user, group and host entry types. A key is optional for other entry types, and
specifies the hostname to which the entry applies. Only one other entry type may exist without a key,
and this entry applies to users at the default realm (host) of the ACL.
A hostname in a key is listed in its Internet address format (dot notation) if swacl cannot resolve the
address using the local lookup mechanism (DNS, NIS, or /etc/hosts). A hostname within an ACL entry
must be resolvable when used with the -D and -M options. Unresolvable hostname values are accepted in
files provided with the -F option.
422 Hewlett-Packard Company 7 HP-UX 11i Version 3: February 2007