Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)

9 SD-UX Security
During the SD-UX installation, a default security setup is created. This chapter explains basic SD-UX
security, introduces the swacl command, presents examples of common tasks, and provides in-depth
discussion of how SD-UX manages security.
Table 33 Chapter Topics
Topic and Page
“Overview” (page 145)
“The swacl Command” (page 146)
“Basic Security Tasks” (page 148)
“How ACLs are Matched to the User” (page 154)
“ACL Entries” (page 154)
“Security on SD-UX Systems” (page 161)
“SD-UX Internal Authentication” (page 162)
“RPC Authorization” (page 164)
“Security Use Models” (page 165)
“Permission Requirements, by Command” (page 167)
9.1 Overview
Along with the traditional HP-UX file access protection, SD-UX uses Access Control Lists (ACLs) to
authorize access to the primary objects on which it manages software:
• Hosts
• Roots (software installed on a host)
• Depots
• Products within depots
An ACL consists of a set of entries associated with an object when it is created.
9.1.1 Default Security
The following security scheme exists by default:
• The local superuser always has access to all local objects.
• Read access is provided to all users on the network who use the same SD-UX shared secret
  via the any_other ACL.
• Whoever creates a root, depot, or product object has full access to it as the object_owner.
• If you set up systems for remote operations (using the procedure discussed in “Setting Up
  Remote Operations” (page 124)), root@central_controller has full access to all target
  objects via the user:root@central_controller ACL.
If you are running as root@central_controller, the suggested security setup should be
adequate to perform all tasks.
Two templates are used to create default ACLs:
• global_soc_template (applies to all new depots and roots added to the host)
• global_product_template (applies for new products in depots)
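
The following is an added example, not part of the HP guide: a Python check that compares an ACL listing against the default scheme described above (read-only any_other, full access for object_owner and user:root@central_controller). The entry_type[:key]:permissions line format, the permission letters, and the build@devhost entry are assumptions made for the constructed sample.

```python
# Constructed sample in the entry_type[:key]:permissions form assumed for
# swacl listings (assumed letters: c=control r=read w=write i=insert t=test a=all).
SAMPLE_ACL = """\
# swacl Depot Access Control List (constructed sample)
object_owner:crwit
user:root@central_controller:crwit
user:build@devhost:-rw--
any_other:-rw--
"""

FULL = set("crwit")
MODIFYING = set("cwi")  # anything beyond read/test


def parse_acl(text):
    """Return a list of (entry_type, key, permission_set) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and the comment header
        head, _, perms = line.rpartition(":")
        entry_type, _, key = head.partition(":")
        granted = FULL.copy() if "a" in perms else set(perms) - {"-"}
        entries.append((entry_type, key, granted))
    return entries


def audit(text, controller="root@central_controller"):
    """List entries that deviate from the default scheme in section 9.1.1."""
    findings = []
    for entry_type, key, granted in parse_acl(text):
        label = f"{entry_type}:{key}" if key else entry_type
        extra = "".join(sorted(granted & MODIFYING))
        if entry_type == "any_other" and extra:
            findings.append(f"{label} grants more than read ({extra})")
        elif entry_type == "user" and key != controller and extra:
            findings.append(f"{label} is not the controller but holds {extra}")
        elif entry_type == "object_owner" and granted != FULL:
            findings.append(f"{label} lacks full access")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL):
        print("DEVIATION:", finding)
```

A deviation is not necessarily a misconfiguration; it marks an entry that someone added or changed after the templates created the default ACL and that should have a known reason.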