Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2488, September 2012)
3. SwagentA (running as principal H) forms a request to swagentB (running where depot D
resides) to read the product.
4. SwagentB checks the ACL protecting the product to make sure that both the destination system
(principal H) and the user U have read permission before honoring the request, and the
installation proceeds.
The ACL on swagentB neither knows of nor depends on user U. The ACL on root R acts to screen
U; then (and only then) the product’s ACL acts to screen H.
As a special case, the superuser always has full permissions on a local system.
9.8.2 Local Superuser Authorization
As a special case, SD-UX always allows the local superuser full access to all local objects regardless
of ACL protections. This allows the local superuser to repair corrupted ACLs or to perform any
other operations.
9.8.2.1 Delegation
SD-UX provides a form of delegation to control access to depot-resident products: both the host
where the target agent is running and the user initiating the call must have read access.
This form of delegation passes the caller credential information to the depot agent in the RPC
options. This form of delegation works the same whether the agents are configured to use DCE or
SD-UX Internal authentication.
It is important to note that this delegation technique is provided to allow user-level access to
depot-resident products.
9.8.3 Depot Registration and Daemon/Agent Security
Because SD-UX stores its objects in the file system, someone could build a “Trojan Horse” file system
image of a software depot. This could breech the security of any system that installed products
from the false depot. To protect systems from such a situation, SD-UX requires that a depot be
registered with SD-UX (either through swcopy or by using swreg) before software may be installed
or copied from it. This check is always performed before granting access. Registration with swreg
requires insert permission in the host’s ACL.
As a special case, an unregistered depot may be used for local installation (i.e., the depot and
destination root exist on the same system) if the initiator is the local superuser or has permission
to register the depot (insert permission on the host).
The administrator of a host system must ensure the integrity of new depots before registering them
and ensure that only trustworthy users are granted permission to insert on the host.
NOTE: In addition to registering users, caution should be exercised when installing or copying
from unregistered depots.
9.9 Security Use Models
The use models below use the swadm group that is provided in the default host ACLs, which are
installed at SD-UX install-time. This group is not a part of the default HP-UX configuration, but can
be easily added. First, add the swadm group and the appropriate group members by using the
HP-UX System Administration Manager product. Next, provide the /etc/logingroup link to
/etc/group to activate HP-UX supplementary groups.
NOTE: /etc/logingroup is an HP-UX utility to support both SVR2/3 and BSD group semantics
selectively. When /etc/logingroup is linked to /etc/group, HP-UX gives BSD (and SVR4)
semantics.
9.9 Security Use Models 165