Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)

A sample host-system ACL that grants depot and root source creation, source listing, and ACL
administration to a user named rob, and gives open permission to list the depots and roots on the
host, would be:
user:rob:r-ic-
any_other:r
Since any_other does not have t (test) permission, only rob can list this ACL, because he has
c (control) permission.
9.5.3.2 Root ACLs
Principals (users) identified in ACLs that are protecting roots are granted permission to manage
installed products. The permissions associated with a root are:
Table 40 Root Permissions
i (insert)    Permission to install a new product.
r (read)      Permission to list the contents of the root.
w (write)     Permission to delete the root itself or the products in the root.
c (control)   Permission to edit or change the ACL.
t (test)      Permission to test access to an object and list the ACL.
A sample root ACL that grants a user named lois permission to read, write, and insert software
and members of the group named swadm all possible permissions is:
user:lois:rwi-
group:swadm:crwit
When a root is created, it is automatically protected by a default ACL derived from its host. Use
swacl to change the initial values of this ACL. For additional information, see “ACL Templates”
(page 159).
9.5.3.3 Depot ACLs
Principals identified in ACLs that are protecting depots are users who have been granted permission
to manage the depot and to create new products. The permissions associated with a depot are:
Table 41 Depot Permissions
i (insert)    Permission to copy a new product into the depot.
r (read)      Permission to list the contents (products) of the depot source.
w (write)     Permission to delete the depot (if it is empty), and unregister itself (not the
              products in the depot).
c (control)   Permission to edit or change the ACL.
t (test)      Permission to test access to an object and list the ACL.
A sample depot ACL that grants its creator all permissions; user george permission to list and
insert software products; members of group swadm permission to list and insert products, change
the ACL and delete the depot itself; and everyone else permission to list the contents of the depot,
would be:
object_owner:crwit
user:george:-r-i-
group:swadm:crwi-
any_other:-r-
When a depot source object is created, it is automatically protected by a default ACL derived from
its host. Products inserted in that depot will automatically be protected by an ACL derived from the
depot. This concept is discussed in “ACL Templates” (page 159).
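The following added example (not part of the HP guide or of SD-UX) parses ACL entries in the text form used by the samples above and reports which entries hold c (control), which can list the ACL (t or c, as described for the host ACL), and whether any_other is granted more than r. The function names parse_entry and audit are hypothetical, LOOSE_ACL is a constructed entry, and the check looks at each entry on its own rather than reproducing how SD resolves a principal against several entries.

```python
"""Added example: audit SD-UX ACL entries in the text form shown above."""
PERMS = set("rwict")  # read, write, insert, control, test

def parse_entry(line):
    """Split 'type[:key]:perms' into (type, key, set of permission letters)."""
    fields = line.strip().split(":")
    if len(fields) == 2:
        (etype, perms), key = fields, None
    elif len(fields) == 3:
        etype, key, perms = fields
    else:
        raise ValueError(f"malformed ACL entry: {line!r}")
    letters = set(perms) - {"-"}          # '-' is only a placeholder
    if not etype or letters - PERMS:
        raise ValueError(f"unknown permission in: {line!r}")
    return etype, key, letters

def audit(acl_text):
    """Report who holds control, who can list the ACL, and broad grants."""
    report = {"control": [], "can_list_acl": [], "findings": []}
    for line in acl_text.splitlines():
        if not line.strip():
            continue
        etype, key, perms = parse_entry(line)
        name = etype if key is None else f"{etype}:{key}"
        if "c" in perms:
            report["control"].append(name)
        if perms & {"c", "t"}:            # t lists the ACL; c also allows it
            report["can_list_acl"].append(name)
        extra = perms - {"r"}
        if etype == "any_other" and extra:
            report["findings"].append(
                f"{name} grants {''.join(sorted(extra))} to everyone else")
    return report

# ACLs copied from the samples on this page
HOST_ACL = "user:rob:r-ic-\nany_other:r"
DEPOT_ACL = "object_owner:crwit\nuser:george:-r-i-\ngroup:swadm:crwi-\nany_other:-r-"
# Constructed entry (not from the guide) showing an over-broad grant
LOOSE_ACL = "any_other:-rwi-"

if __name__ == "__main__":
    for label, acl in [("host", HOST_ACL), ("depot", DEPOT_ACL), ("loose", LOOSE_ACL)]:
        print(label, audit(acl))
```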