Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Software Distributor

161

162

163

164

165

166

167

168

169

170

• SD-UX files are protected from access by anyone other than the superuser by having the group

and other permissions of crucial directory modes set to 0.

• Only agents and daemons running on the local host access SD-UX files directly. All other

facilities (controllers, utilities, etc.) go through the agents using RPC to indirectly access files.

The agent or daemons perform authentication and authorization checks on all such operations.

• No hard links may exist that circumvent the directory protection hierarchy of the SD-UX

directories nor may symlinks exist that compromise the secrecy of the contents of those

directories containing objects that might have list restrictions in effect. Use of only a single

(canonical) path to SD-UX objects avoids any such aliasing problems.

Thus, the SD-UX files are totally protected and hidden from non-superuser access.

9.7 SD-UX Internal Authentication

This section discusses the following topics:

• SD-UX Credentials

Controllers Run with the User’s Credentials and Privileges◦

◦ Agents Run with the System’s Identity

• Security Between Hosts: The Shared Secrets File

SD-UX security does not replace DCE Security. It seeks to provide a usable protection scheme

based on the assumption that there is no hostile, concerted effort by users to do damage.

Much of the DCE security functionality used by SD-UX comes from the DCE Runtime Library that is

included in SD-UX. This library provides DCE RPC capability and some of the DCE Security Services

required to support ACLs.

Without full DCE Security Services, it is impossible to reliably prove the identity of a user making

an SD-UX RPC call; even if the source and destination of the RPC call is local. The RPC identifies

only the network address of the calling client.

9.7.1 SD-UX Credentials

A key to SD-UX security is determining which users are allowed to be involved in particular

operations. In SD-UX internal authentication, your HP-UX uid, gid, and host name are used to

establish your identity. The fact that the SD-UX controller runs with an effective uid of root (because

the controller is a setuid-root program) does not affect your identity, which is obtained from

your real uid.

When you start an RPC (as an SD-UX controller), a structure describing your identity accompanies

each call to an agent; the controller sends the user and group name of the person invoking the

RPC, as well as the host name of the system on which it is running (in DCE, called the realm).

This structure is called your credentials. Credentials consist of:

• user (principal) name

The user (or host system, for agents making RPCs to other agents) who is originating the RPC

call.

• Group name

The user’s primary group.

• Realm or local Host

The user’s host name.

The user’s credentials are passed in the RPC parameters. The agent receiving the RPC uses this

information to compare authentication credentials.

162 SD-UX Security