Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)

9.3 Basic Security Tasks
Along with the traditional HP-UX file access protection, authorization to access all SD-UX objects
(hosts, depots, roots, and products) is supplied by ACLs.
Figure 55 Access Control Lists
ACLs offer a greater degree of selectivity than do permission bits. An ACL extends the concept of
the HP-UX file system’s permission bits by letting you specify different access rights to several
individuals and groups instead of just one of each.
For example, if you set up remote operations, you must make some elementary changes to the
security ACLs on the remote systems. See “Setting Up Remote Operations” (page 124).
The ACLs changed are those protecting the source host (the host ACL), the host’s template ACLs
used in subsequent operations to produce ACLs for products (the global_product_template),
and depot/root containers (the global_soc_template). When changed, these ACLs grant
users on the source host the same permissions on the destination host as they have locally on the
source host. In addition, an entry for the superuser at the source host is added. This lets the
controller system's superuser perform software distribution tasks on the remote system without
having to reconfigure ACLs.
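One way to review the entries described above, as an added example that is not part of the HP guide: a POSIX shell function that reads swacl -l output and reports entries naming a remote principal or an any_other entry with control, write, or insert permission. The entry layout entry_type[:key]:permissions, the use of @ in a key to mark a remote principal, the host names target1 and controller1, and the function names are assumptions; the sample ACL is constructed.

```shell
#!/bin/sh
# Added example, not HP's code. Reads `swacl -l <level>` output on stdin.
# Assumed entry layout: entry_type[:key]:permissions ('#' lines are comments).
# Assumed permission letters: c=control r=read w=write i=insert t=test a=all.

audit_acl() {
    awk -F: '
        /^ *#/ || /^ *$/ { next }        # skip header comments and blank lines
        {
            type = $1; perms = $NF; key = ""
            # The key is whatever sits between the entry type and the permissions.
            for (i = 2; i < NF; i++) key = key (i > 2 ? ":" : "") $i
            if (key ~ /@/)
                # Principal qualified with a host: granted by remote-operations setup.
                print "REMOTE " type " " key " " perms
            else if (type == "any_other" && perms ~ /[acwi]/)
                # Unnamed principals holding more than read/test access.
                print "BROAD " type " - " perms
        }'
}

# Constructed sample resembling a host ACL after remote operations are enabled.
sample_acl() {
    cat <<'EOF'
#
# swacl Host Access Control List (constructed sample)
#
# For host: target1:/
#
object_owner:crwit
user:root@controller1:crwit
group:swadm:crwit
any_other:-r---
EOF
}

# Demonstration on the constructed sample.
sample_acl | audit_acl
```

On a target system, feed it real output instead, for example swacl -l host | audit_acl, and repeat for the global_soc_template and global_product_template levels.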
To understand or modify the default security setup, you can perform the following tasks:
• Listing user access
• Allowing users to manage products in a depot
• Allowing users to manage roots
• Restricting read access to a depot
• Adding target hosts
• Temporarily restricting access to a depot
• Closing the SD-UX network
• Editing an ACL
9.3.1 Listing User Access
The following examples show how to list the users who have access to depots, target hosts, target
roots, and all products.
Display the default root ACLs on a newly installed HP-UX 11i system:
swacl -l root
#
# swacl Installed Software Access Control List