Software Distributor Administrator Guide (September 2010)
You must have test permission within the ACL to produce the edit file (list the ACL)
and control permission to modify it with -F, -D, or -M options. All ACL entries must
contain test permission.
If the replacement ACL contains no detectable errors and you have the proper
permission on the ACL, the replacement will succeed. If the replacement fails because
you lack permission to make the change, an error is generated, and the object is skipped.
You may change or delete existing entries, or you may add additional entries to the
ACL.
NOTE: It is possible to edit an ACL so that you cannot access it! Caution should be
used to avoid accidentally removing your own control (c) permissions on an ACL. As
a safeguard, the local superuser may always use swacl to edit SD-UX ACLs.
Here are some examples based on the following ACL that is protecting a product
(FORTRAN) created by user rob whose local host is lehi.fc.hp.com:
# swacl Product Access Control Lists
#
# For host: lehi:/
#
# Date: Mon Nov 06 16:39:58 2001
#
# For product: FORTRAN,r=9.0,v=HP
# Object Ownership: User=root
# Group=sys
# Realm=lehi.fc.hp.com
# default_realm=lehi.fc.hp.com
object_owner:crwit
user:barb:-rt
user:ramon:-rt
group:swadm:crwit
host:alma.fc.hp.com:-rt
any_other:-rt
You can list the ACLs for the product is FORTRAN in depot /var/spool/sw (the
default depot) and prepare it for editing:
# swacl -l product FORTRAN >acl_tmp
This will bring the above ACL into the file acl_tmp, and it is ready for editing. Edit
the acl_tmp file with any suitable text editor.
To replace all entries in the ACL for FORTRAN, type:
# swacl -l product -F acl_tmp FORTRAN
To edit the default product template on a depot /var/spool/sw_dev, use:
# swacl -l product_template @ /var/spool/sw_dev >tmp_file
Then edit the tmp_file and replace the ACL:
198 SD-UX Security