Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Software Distributor

151

152

153

154

155

156

157

158

159

160

NOTE: You can specify crwit permissions in any order.

The ACL entry_type must be one of these values:

Table 35 SD-UX ACL Entry Types

Permissions Apply ToType

User principal, whose name is to be specified in the key

field

user

Group principal, whose name is to be specified in the key

field

group

Host systems (target agents acting on behalf of users for

install or copy)

host

Principals with no matching user and group entriesother

Principals not matching any other entryany_other

Owner of the objectobject_owner

Members of the group to which an object belongsobject_group

NOTE: The host cannot be specified in the IPv6 format. This feature is not supported in ACL

entries.

TIP: Do not confuse the host object (which is a computer system that contains depots, roots, and

software) with the host entry type (which defines permissions for access to target systems).

The user and group of the object’s owner are determined and automatically recorded at the time

the object is created (based on the identity of the person who creates it). This information is recorded

as user, group, and realm. An object_owner or object_group entry type in an ACL

causes the SD-UX ACL manager to look up the owner and group information on the object; and if

a match to the requester is found, grant permissions as specified.

There may be many user, group, and host type entries per ACL, while there may be only one

of each of object_owner, object_group and any_other. There may be at most one local

(i.e., no key) other entry and an unlimited number of remote (i.e., keyed) other entries.

9.5.1 ACL Keys

The second part of the ACL entry is the key. The table below lists the possible key values for specific

entry types.

Table 36 SD-UX ACL Entry Key Values

Key ContentEntry Type

a user name [optionally, @ remote-host]user

a group name [optionally, @ remote-host]group

a host namehost

[optionally, @ remote-host]other

no key allowedany_other

When listing the ACL, the remote-host is printed in its Internet address form (e.g., 15.12.89.10)

if the local system cannot resolve the address from its host lookup mechanism (DNS, NIS, or

/etc/hosts). The remote-host must be recognized (resolvable) when used in the -M and -D

options. Unrecognized remote-host values are accepted in files provided with the -F option.

9.5 ACL Entries 155