Manualshelf

Software Distributor Administrator Guide (September 2010)

ManualsBrandsHP ManualsSoftwareHP-UX Software Distributor
181182183184185186187188189190
Whoever creates a root, depot, or product object has full access to it as the
object_owner.
If you set up systems for remote operations (using the procedure discussed in
“Setting Up Remote Operations” (page 159)), root@central_controller has
full access to all target objects via the user:root@central_controller ACL.
If you are running as root@central_controller, the suggested security setup
should be adequate to perform all tasks.
Two templates are used to create default ACLs:
global_soc_template (applies to all new depots and roots added to the host)
global_product_template (applies for new products in depots)
9.1.2 Depots and Depot Registration
Software Distributor typically uses central depots to distribute software. You can control
access to these depots by users who will install software.
An important security consideration is that depots must be registered for nonlocal users
to have access. Only a local superuser or a user with insert permission on the host can
install from unregistered depots.
For more information, see “Registering and Unregistering Depots (swreg) (page 125)
and “Depot Management Commands and Concepts” (page 113).
9.1.3 Modifying Target Systems
You may want to set up each system to grant administrative access to the SD-UX
controller while restricting access to other systems and users.
You will need to modify ACLs on your target systems in the following cases:
To change the login name of the SD-UX administrator (the default is root).
To modify permissions for the SD-UX administrator or group of administrators.
9.2 The swacl Command
The swacl command lets you view or change ACL entries and permissions.
swacl Syntax
swacl -l level [-D acl_entry|-F acl_file|-M acl_entry]
[-f software_file][-t target_file]
[-x option=value] [-X option_file]
[software_selections] [@ target_selection]
Options and Operands
-l level Level to edit. Level designations are the literals: host, depot, root,
product, product_template, global_soc_template or
188 SD-UX Security