Software Distributor Administration Guide for HP-UX 11i

SD-UX Security
Basic Security Tasks
swacl -l depot -D any_other @ /simple_1.depot
swacl -l depot -M other:r @ /simple_1.depot
swacl -l depot @ /simple_1.depot
#
# swacl Depot Access Control List
#
# For depot: swelter:/simple_1.depot
#
# Date: Thu Mar 1 16:19:57 2001
#
# Object Ownership: User= allen
# Group=users
# Realm=swelter.fc.hp.com
#
# default_realm=swelter.fc.hp.com
object_owner:crwit
other:-r---
Local users can now access this depot as a result of the other ACL, but
remote users are refused.
To allow only user shelly on host swcrunch to access software in a depot
located on swelter, it may appear that adding a user ACL for shelly
would be sufficient:
swacl -l depot -M user:shelly@swcrunch:r @ /simple_1.depot
However, this is not enough. An attempt by shelly to access this depot
would fail with a security violation. This is because SD-UX also requires
that the SD agent (the swagent process) that contacts the depot server be
authorized via a host ACL entry_type:
swacl -l depot -M host:swcrunch:r @ /simple_1.depot
(Note that user shelly also requires appropriate ACL permission to
install software on swcrunch.)
NOTE The r (read) permission allows the user to access the depot and products,
and the t (test) permission allows the user to list the ACLs.
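
The user-plus-host requirement described above can be checked mechanically. The following is an added example, not part of the original guide: a shell function that reads a saved swacl depot listing and reports remote user entries whose host has no host entry. It assumes user and host entries are listed as entry_type:key:permissions, in the same style as the other:-r--- line above, and that host names are compared literally; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a depot ACL listing for remote user entries that
# grant r (read) but whose host has no host entry granting r.
# On a depot server the input would come from:
#   swacl -l depot @ /simple_1.depot | missing_host_acl
# Assumptions: entries are listed as entry_type:key:permissions, and only
# explicit host entries are considered (an any_other entry is ignored).

# Reads a listing on stdin; prints one user@host per uncovered user entry.
missing_host_acl() {
    awk -F: '
        /^[ \t]*#/ || NF < 3 { next }      # comments, object_owner, other
        $1 == "host" && $3 ~ /r/ { host_ok[$2] = 1; next }
        $1 == "user" && $3 ~ /r/ && $2 ~ /@/ { users[++n] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                split(users[i], part, "@")  # part[1]=user, part[2]=host
                if (!(part[2] in host_ok)) print users[i]
            }
        }
    '
}

# Constructed sample: the ACL after only the user entry for shelly is added.
sample_user_only() {
    cat <<'EOF'
# default_realm=swelter.fc.hp.com
object_owner:crwit
user:shelly@swcrunch:-r---
other:-r---
EOF
}

# Constructed sample: the same ACL after the host entry is also added.
sample_user_and_host() {
    sample_user_only
    echo 'host:swcrunch:-r---'
}

echo "user entry only:     $(sample_user_only | missing_host_acl)"
echo "user and host entry: $(sample_user_and_host | missing_host_acl)"
```

An empty result means every remote user entry in the listing has a matching host entry.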