Software Distributor Administration Guide for HP-UX 11i

Troubleshooting

Common Problems

Appendix B468

Access To An Object Is Denied

Denial of access to SD-UX objects may have a number of causes,

including:

• ACL permissions

• Inter-host secrets

• Working with image copies of depots

Resolution Generally, when SD-UX denies access to an object, a message tells you

that you do not have the required access permission. Yet, it may be

unclear which object is not accessible. For example, when you use swcopy

to copy a product from system A to a depot, SD-UX checks these ACLs:

1. If the destination depot does NOT exist, the host ACL is checked to

verify that the user has “insert” permission.

2. If the destination depot does exist, the depot ACL is checked to verify

that the user has write permission.

3. The source depot’s ACL is checked to make sure the user has read

permission on the source depot.

4. The source product’s ACL is also checked to make sure that the user

and the destination system both have read access to the product.

If any of these access permissions is absent, the whole operation is

disallowed, and you must read the error message carefully to

understanding the exact cause. To see more about what type of security

or access problems exist, see the daemon log file on the target system:

/var/adm/sw/swagentd.log

The Effects of ACL Modifications

The default ACLs make it fairly easy to administer ACLs, but do not

always give the desired level of access control. When you change an ACL

to restrict access, especially by removing the

any_other

read permission,

you may restrict access in unexpected ways. Host entries are required for

any destination systems for swcopy and swinstall operations.

See Chapter 9, “SD-UX Security,” on page 255 for a full discussion of the

access tests performed or each operation.