Software Distributor Administrator Guide (September 2010)
9.3 Basic Security Tasks
Along with the traditional HP-UX file access protection, authorization to access all
SD-UX objects (hosts, depots, roots, and products) is supplied by ACLs.
Figure 9-1 Access Control Lists
[Figure: a host object with its host object ACL; depots A and B, each with a depot object ACL; roots A and B, each with a root object ACL; products M, N, P and Q, each with a product ACL. Installed products are protected by root ACLs.]
ACLs offer a greater degree of selectivity than permission bits do. An ACL extends the
concept of the HP-UX file system’s permission bits by letting you specify different
access rights for several individuals and groups instead of just one of each.
For example, if you set up remote operations, you must make some elementary changes
to the security ACLs on the remote systems. See “Setting Up Remote Operations”
(page 159).
The ACLs changed are those protecting the source host (the host ACL) and the host’s
template ACLs used in subsequent operations to produce ACLs for products (the
global_product_template) and for depot/root containers (the
global_soc_template). When changed, these ACLs grant users on the source host
the same permissions on the destination host as they have locally on the source host.
In addition, an entry for the superuser at the source host is added. This lets the
controller system’s superuser perform software distribution tasks on the remote system
without having to reconfigure ACLs.
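The following audit sketch for the three ACLs named above is an added example, not part of the guide. It flags entries that give write, insert, or control rights to principals from another host or to any_other. It assumes ACL entries of the form entry_type[:key]:permissions with remote principals written as name@host; the function names, the host name "ctrl", and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an SD-UX ACL listing for broad grants to non-local principals.
# Assumed entry syntax: entry_type[:key]:permissions, with permissions drawn from
# r (read), w (write), i (insert), c (control), t (test), a (all).

# Reads an ACL listing on stdin; prints "type key perms" for each entry that
# gives w, i, c or a to a remote principal (key contains "@") or to any_other.
flag_remote_grants() {
    awk -F: '
        /^[ \t]*#/ || NF < 2 { next }        # skip header comments and blank lines
        {
            type  = $1
            perms = $NF
            key   = (NF >= 3) ? $2 : "-"     # object_owner and any_other carry no key
            remote = (index(key, "@") > 0) || type == "any_other"
            if (remote && perms ~ /[wica]/)
                print type, key, perms
        }'
}

# Constructed sample standing in for a host ACL listing on a destination host
# after remote operations were set up from a controller named "ctrl" (hypothetical).
sample_host_acl() {
    cat <<'EOF'
# swacl Host Access Control List (constructed sample)
object_owner:crwit
user:root@ctrl:crwit
group:swadm@ctrl:-r-i-
user:audit@ctrl:-r--t
any_other:-r--t
EOF
}

# On a real system the listing would come from swacl instead, for example:
#   swacl -l host | flag_remote_grants
#   swacl -l global_product_template | flag_remote_grants
#   swacl -l global_soc_template | flag_remote_grants
sample_host_acl | flag_remote_grants
```

Entries reported for the two template ACLs deserve the closest review, because those templates are used to produce the ACLs of products, depots and roots created later.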
If you need to change security (that is, to understand and modify the default setup),
you can perform the following tasks:
• Listing user access
• Allowing a user to manage products in a depot