Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
ACL Entries
Chapter 9
NOTE: Remember, the local superuser always has all permissions, even without an ACL entry.
Container ACL Template
• The container ACL template below grants the owner or creator (object_owner) of a new depot or root permission to manage that new depot or root and to change its ACL. It also grants global permission (any_other) to list products in the new depot or root.
object_owner:crwit
any_other:-r---
Product ACL Template
• The product ACL template below grants the creator (i.e., owner) of each product, via the object_owner entry, permission to perform all operations on products installed on depots on this host. It also grants any host (the any_other entry) permission to read (i.e., install) and test the product.
object_owner:crwit
any_other:-r---
• In addition to encompassing all hosts, the any_other entry also applies to all other users except, in this case, the product's owner. In SD-UX, however, product read permission has meaning only to host principals, and other possible product permissions never apply to hosts; therefore, the any_other entry may be overloaded with user and host permissions, if desired, without any danger of ambiguity. This overloading should be kept in mind when using SD-UX to execute solutions.
These host ACL defaults provide a good starting point for control over
the management functions of SD-UX while providing open access to read
the software for installation on root targets.
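The following is an added example, not part of the HP guide: a small Python audit that parses entries in the positional crwit form shown in the templates above and reports when any_other has been widened beyond read. The function names, the WIDENED sample and the letter meanings (c control, r read, w write, i insert, t test) are assumptions of this example; the section itself only shows the letters.

```python
PERM_ORDER = "crwit"  # positional order used by the templates above
# Assumed meanings of the letters; this section does not spell them out.
PERM_NAMES = {"c": "control", "r": "read", "w": "write",
              "i": "insert", "t": "test"}


def parse_entry(line):
    """Split 'principal:perms' and return (principal, set of granted letters)."""
    key, _, perms = line.strip().rpartition(":")
    if not key or len(perms) != len(PERM_ORDER):
        raise ValueError(f"malformed ACL entry: {line!r}")
    granted = set()
    for slot, ch in zip(PERM_ORDER, perms):
        if ch == slot:
            granted.add(slot)
        elif ch != "-":
            # A letter in the wrong position is rejected, not silently accepted.
            raise ValueError(f"unexpected {ch!r} in {slot!r} position: {line!r}")
    return key, granted


def audit_template(lines, any_other_allowed=frozenset("r")):
    """Return findings for a template that deviates from the defaults above."""
    acl = dict(parse_entry(l) for l in lines if l.strip())
    findings = []
    if acl.get("object_owner") != set(PERM_ORDER):
        findings.append("object_owner does not hold crwit")
    # any_other covers every host and every non-owner user, so each extra
    # letter here is granted to all of them at once.
    extra = acl.get("any_other", set()) - any_other_allowed
    if extra:
        names = ", ".join(PERM_NAMES[p] for p in PERM_ORDER if p in extra)
        findings.append(f"any_other grants more than the template: {names}")
    return findings


TEMPLATE = ["object_owner:crwit", "any_other:-r---"]  # as shown above
WIDENED = ["object_owner:crwit", "any_other:-rw-t"]   # constructed sample

if __name__ == "__main__":
    for name, acl in (("template", TEMPLATE), ("widened", WIDENED)):
        print(name, audit_template(acl) or "matches defaults")
```
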