Software Distributor Administrator Guide (September 2010)
9.5.3.1 Host System ACLs
The host system is the highest level of protected object in SD-UX. A host ACL protects
each host system, controlling permission to create depots and roots. The host ACL may
grant the following permissions:
Table 9-7 Host ACL Permissions
Permission     Description
r (read)       Permission to obtain host attributes, including a list of depots and roots on the host.
w (write)      Permission to change the host object.
i (insert)     Permission to create and register a new depot or root on the host.
c (control)    Permission to edit or change the ACL.
t (test)       Permission to test access to an object and list the ACL.
A sample host-system ACL that grants depot and root source creation, source listing,
and ACL administration to a user named rob, and gives open permission to list the
depots and roots on the host, would be:
user:rob:r-ic-
any_other:r
Since any_other does not have t (test) permission, only rob can list this ACL, because
he has c (control) permission.
9.5.3.2 Root ACLs
Principals (users) identified in ACLs that are protecting roots are granted permission
to manage installed products. The permissions associated with a root are:
Table 9-8 Root Permissions
Permission     Description
i (insert)     Permission to install a new product.
r (read)       Permission to list the contents of the root.
w (write)      Permission to delete the root itself or the products in the root.
c (control)    Permission to edit or change the ACL.
t (test)       Permission to test access to an object and list the ACL.
A sample root ACL that grants a user named lois permission to read, write, and insert
software and members of the group named swadm all possible permissions is:
user:lois:rwi-
group:swadm:crwit
When a root is created, it is automatically protected by a default ACL derived from its
host. Use swacl to change the initial values of this ACL. For additional information,
see “ACL Templates” (page 206).
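The entry format and permission letters above can be checked mechanically when reviewing ACLs. The following Python sketch is an added example, not code from this guide or from SD-UX: it parses the two sample ACLs shown in these sections, reports which entries can list the ACL (t, or c as noted for rob), and flags any_other entries that grant more than read. The function names, the treatment of '#' lines as comments, and the "more than read is broad" policy are assumptions made for illustration.

```python
# Added example: audit SD-UX-style ACL entries (illustrative, not HP code).
PERMS = {"r": "read", "w": "write", "i": "insert", "c": "control", "t": "test"}

def parse_acl(text):
    """Return a list of (entry_type, key, set_of_permission_letters)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' lines are comments
            continue
        fields = line.split(":")
        if len(fields) == 3:                  # e.g. user:rob:r-ic-
            etype, key, perms = fields
        elif len(fields) == 2:                # e.g. any_other:r
            etype, perms = fields
            key = None
        else:
            raise ValueError(f"malformed ACL entry: {line!r}")
        # Parse by letter, not position: the samples write letters in
        # different orders (r-ic-, crwit) and with varying '-' padding.
        letters = set(perms) - {"-"}
        unknown = letters - set(PERMS)
        if unknown:
            raise ValueError(f"unknown permission {sorted(unknown)} in {line!r}")
        entries.append((etype, key, letters))
    return entries

def can_list_acl(entries):
    """Entries able to list the ACL: t (test), or c (control) as for rob above."""
    return [(t, k) for t, k, p in entries if p & {"t", "c"}]

def broad_grants(entries):
    """Flag any_other entries that grant anything beyond r (assumed policy)."""
    return [(t, sorted(p - {"r"})) for t, k, p in entries
            if t == "any_other" and p - {"r"}]

# Sample ACLs copied from the two sections above.
HOST_ACL = "user:rob:r-ic-\nany_other:r\n"
ROOT_ACL = "user:lois:rwi-\ngroup:swadm:crwit\n"

if __name__ == "__main__":
    for name, acl in (("host", HOST_ACL), ("root", ROOT_ACL)):
        parsed = parse_acl(acl)
        print(name, "can list ACL:", can_list_acl(parsed))
        print(name, "broad any_other grants:", broad_grants(parsed))
```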
204 SD-UX Security