Software Distributor Administration Guide for HP-UX 11i
SD-UX Security
RPC Authorization
4. SwagentB checks the ACL protecting the product to make sure that
both the destination system (principal H) and the user U have read
permission before honoring the request, and the installation
proceeds.
The ACL on swagentB neither knows of nor depends on user U. The ACL
on root R acts to screen U; then (and only then) the product’s ACL acts to
screen H.
As a special case, the superuser always has full permissions on a local
system.
Local Superuser Authorization
As a special case, SD-UX always allows the local superuser full access to
all local objects regardless of ACL protections. This allows the local
superuser to repair corrupted ACLs or to perform any other operations.
Delegation
SD-UX provides a form of delegation to control access to depot-resident
products: both the host where the target agent is running and the user
initiating the call must have read access.
This form of delegation passes the caller credential information to the
depot agent in the RPC options. This form of delegation works the same
whether the agents are configured to use DCE or SD-UX Internal
authentication.
It is important to note that this delegation technique is provided to allow
user-level access to depot-resident products.
Depot Registration and Daemon/Agent Security
Because SD-UX stores its objects in the file system, someone could build
a “Trojan Horse” file system image of a software depot. This could breach
the security of any system that installed products from the false depot.
To protect systems from such a situation, SD-UX requires that a depot be
registered with SD-UX (either through swcopy or by using swreg) before
software may be installed or copied from it. This check is always
performed before granting access. Registration with swreg requires
insert permission in the host’s ACL.
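
The delegation and depot registration checks described above can be modeled together, as an added example that is not SD-UX code or part of the original guide. ACLs are simplified to sets of principals holding read permission, and the depot paths, product name, host names and user names are constructed for illustration.

```python
# Added illustration (not SD-UX code): models the depot agent's decision for a
# request to read a depot-resident product. ACLs are simplified to sets of
# principals holding read permission; real SD-UX ACLs carry more detail.
from dataclasses import dataclass, field


@dataclass
class ProductAcl:
    hosts_with_read: set = field(default_factory=set)
    users_with_read: set = field(default_factory=set)


@dataclass
class DepotAgent:
    registered_depots: set = field(default_factory=set)  # registered via swcopy or swreg
    product_acls: dict = field(default_factory=dict)     # (depot, product) -> ProductAcl

    def authorize_read(self, depot, product, host, user):
        """Return (allowed, reason) for host H acting on behalf of user U."""
        # Registration is checked before any access is granted.
        if depot not in self.registered_depots:
            return False, "depot not registered"
        acl = self.product_acls.get((depot, product))
        if acl is None:
            return False, "no ACL for product"
        # Delegation: the caller's credential arrives with the request, and
        # both the requesting host and the initiating user need read.
        if host not in acl.hosts_with_read:
            return False, "host lacks read"
        if user not in acl.users_with_read:
            return False, "user lacks read"
        return True, "ok"


def build_sample_agent():
    # Constructed sample data; every name and path here is hypothetical.
    agent = DepotAgent(registered_depots={"/depots/tools"})
    acl = ProductAcl(hosts_with_read={"hostH"}, users_with_read={"userU"})
    agent.product_acls[("/depots/tools", "PRODUCT-X")] = acl
    # The same product in a depot image that was never registered.
    agent.product_acls[("/tmp/fake_depot", "PRODUCT-X")] = acl
    return agent


if __name__ == "__main__":
    agent = build_sample_agent()
    cases = [("/depots/tools", "hostH", "userU"), ("/depots/tools", "hostH", "userV"),
             ("/depots/tools", "hostX", "userU"), ("/tmp/fake_depot", "hostH", "userU")]
    for depot, host, user in cases:
        print(depot, host, user, agent.authorize_read(depot, "PRODUCT-X", host, user))
```

Read permission for the host alone does not open the product to every user on that host, and an unregistered depot is refused even when its ACL would otherwise allow the read.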