Software Distributor Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (5900-2561, March 2013)
or created by a non super-user when the run_as_superuser option is set to true and using
ACL permissions). This limitation does not apply to tape or CD-ROM source depots.
• swinstall and swcopy in nonprivileged mode can read any remote source depot as
allowed by ACLs, can read local source depots created by the invoking user in nonprivileged
mode, and (depending on the umask of other users) can read local source depots created by
other users in nonprivileged mode.
12.2 Setting Up Nonprivileged Mode
Nonprivileged SD is controlled by two options:
• admin_directory
• run_as_superuser
The run_as_superuser option turns nonprivileged mode on or off and is all that is necessary
to run the default configuration. (See “Turning On Nonprivileged Mode” (page 232) and “Default
Configuration” (page 233).)
The admin_directory option lets you set up an alternative configuration. (See “Alternative
Configuration” (page 233).)
12.2.1 Packaging Software for Use in Nonprivileged Mode
In addition to these options, software applications to be used under nonprivileged mode have
special packaging requirements.
For nonprivileged mode to function:
• You must package applications and install them so that the files are installed in locations
writable by the user who will install the applications. This can be done by:
◦ Using the directory keyword in the PSF during packaging
◦ By appending a location to the software specifications when you invoke a command
from the command line. (See “Software Selections” (page 35).)
• Scripts packaged into the application must be designed not to require super-user privilege.
12.2.2 Turning On Nonprivileged Mode
SD functions in nonprivileged mode only when the run_as_superuser option is set to false and
the invoking user is not super-user.
This option applies to all SD-UX commands except swagent, swagentd, swjob, and install-sd. When
you set this option to false, any command to which it applies will run in nonprivileged mode. For
example:
• Including -x run_as_superuser=false on the command line invokes nonprivileged
mode for that command only.
• Including -x run_as_superuser=false in your $HOME/.swdefaults directory invokes
nonprivileged mode for any or all SD-UX commands that you run.
• Including -x run_as_superuser=false in /var/adm/sw/defaults invokes
nonprivileged mode for all SD-UX commands on the system.
See Appendix A (page 235) for complete information on using these options.
NOTE: This option is ignored (treated as true) when the invoking user is super-user.
232 Nonprivileged SD