Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)
You should also not have products that are being tested, coming and going on wide-use depots
and roots. They might accidentally be installed or used before they are ready.
The recommended method of development is to provide one or more development depots and
roots for testing purposes, each with protections customized to meet the needs of the development
group using them. To this end, the default ACL template mechanism described previously is handy,
since products come and go quickly.
A host administrator (someone with insert permission on the host) should create the test depot for
developers, then assign a depot administrator and edit the depot ACL to grant that person control
(ACL edit) permission on the depot. The depot’s product ACL template should then be set up so
that users inserting a product may also write (modify and delete) it, and so that it may be read
only by the known test systems.
Similarly, test roots may be created, perhaps on other test hosts, to which developers may install
test products. Access to install to the test root should be restricted to the development group.
When testing is complete and a product is ready for release, the product may then be copied to
a general distribution depot to make it more widely readable without exposing all the untested
products on the test depot.
There are many additional ways in which these basic concepts may be used to implement a desired
security policy for product development.
9.10 Permission Requirements, by Command
9.10.1 Packaging (swpackage)
• If the depot does not exist, swpackage verifies that the user has insert permission on the target
host.
• swpackage verifies that the user has insert permission on a target depot.
• swpackage verifies that the user has write permission on target product, if it already exists.
9.10.2 Listing (swlist)
• To list potential depots, the source agent verifies that the controller user has read permission
on host.
• To list potential products, the source agent verifies that the controller user has read permission
on depot or root.
9.10.3 Job Browsing (sd, swjob)
• To use the CLI (swjob) or GUI (sd) to view information about jobs initiated from a local host,
the controller verifies that the user has read permission on the host.
• To use the command line or GUI to retrieve a target log file, the target agent verifies that the
controller user has read access on the root or depot target.
9.10.4 Copying (swcopy)
• Any list operations required to facilitate this function must be checked as described in the
swlist section above.
• If the depot does not exist, swcopy verifies that the user has insert permission on the target
host.
• The target agent verifies that the controller user has insert permission on the target depot.
• The target agent verifies that the controller user has write permission on the target product, if
it already exists.
9.10 Permission Requirements, by Command 167