Software Distributor Administrator Guide (September 2010)

object_group entry type in an ACL causes the SD-UX ACL manager to look up the
owner and group information on the object; and if a match to the requester is found,
grant permissions as specified.
There may be many user, group, and host type entries per ACL, while there may
be only one of each of object_owner, object_group and any_other. There may
be at most one local (i.e., no key) other entry and an unlimited number of remote (i.e.,
keyed) other entries.
9.5.1 ACL Keys
The second part of the ACL entry is the key. The table below lists the possible key
values for specific entry types.
Table 9-4 SD-UX ACL Entry Key Values
Entry Type    Key Content
user          a user name [optionally, @ remote-host]
group         a group name [optionally, @ remote-host]
host          a host name
other         [optionally, @ remote-host]
any_other     no key allowed
When listing the ACL, the remote-host is printed in its Internet address form (e.g.,
15.12.89.10) if the local system cannot resolve the address from its host lookup
mechanism (DNS, NIS, or /etc/hosts). The remote-host must be recognized
(resolvable) when used in the -M and -D options. Unrecognized remote-host values
are accepted in files provided with the -F option.
NOTE: The remote-host cannot be specified in IPv6 format. This feature is not
supported in ACL entries.
9.5.2 ACL Permissions
There are five different permissions grantable by the ACL: crwit.
Table 9-5 ACL Permissions
Permission     Description
control (c)    Permission to edit or change the ACL.
test (t)       Permission to test access to an object (i.e., read the ACL).
insert (i)     Permission to install a new product, depot or root.
write (w)      Permission to change a host, depot, root or product.
read (r)       Permission to list depot, roots and products and attributes.
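An added example, not taken from the guide: a small Python linter that applies the key, cardinality, permission and IPv6 rules of this section to ACL entries before a file is supplied with the -F option, which accepts unrecognized remote-host values. The type[:key]:permissions line layout, the "-" filler for unset permissions, the @host form of a keyed other entry, keyless object_owner and object_group entries, and every name in the sample are assumptions.

```python
import ipaddress
from collections import Counter
PERMS = set("crwit")                        # the five permissions of Table 9-5
KEYED = {"user", "group", "host"}           # entry types that need a key (Table 9-4)
SINGLETON = {"object_owner", "object_group", "any_other"}  # at most one of each

SAMPLE = """\
object_owner:crwit
user:rob@depot1:-r--t
host:2001:db8::10:-r--t
other:-r--t
other:@depot2:-r--t
other:-r---
any_other:-r--t
any_other:crwix
"""  # constructed sample; the line layout and "-" filler are assumptions

def is_ipv6(host):
    try:
        return ipaddress.ip_address(host).version == 6
    except ValueError:                      # a host name or empty, not an address
        return False

def lint_acl(text):
    """Return (line_number, message) findings for the ACL entries in text."""
    findings, seen = [], Counter()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        etype, _, rest = line.partition(":")
        key, _, perms = rest.rpartition(":")    # key is "" when no key is given
        if etype not in KEYED | SINGLETON | {"other"}:
            findings.append((n, f"unknown entry type {etype!r}"))
            continue
        if etype in KEYED and not key:
            findings.append((n, f"{etype} entry requires a key"))
        if etype in SINGLETON and key:          # keyless owner/group is an assumption
            findings.append((n, f"{etype} entry takes no key"))
        host = key.rpartition("@")[2] if etype == "host" or "@" in key else ""
        if is_ipv6(host):
            findings.append((n, "remote-host in IPv6 format is not supported"))
        if not perms or set(perms) - PERMS - {"-"}:
            findings.append((n, f"invalid permission string {perms!r}"))
        slot = etype if etype in SINGLETON or (etype == "other" and not key) else None
        seen[slot] += 1                         # slot is None for repeatable entries
        if slot and seen[slot] > 1:
            findings.append((n, f"only one keyless {slot} entry is allowed"))
    return findings
```

Calling lint_acl(SAMPLE) reports the IPv6 host entry, the second local other entry, and both problems on the last line; keyed other entries are not counted against the single local other entry.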