Software Distributor Administrator Guide (September 2010)
Host ACL
• The host ACL below grants global (any_other) permission to list the depots and
roots on the host:
object_owner:swadm:crwit
any_other:-r---
NOTE: Remember, the local superuser always has all permissions, even without an
ACL entry.
9.5.4.1.1 Container ACL Template
• The container ACL template below grants the owner or creator (object_owner)
of a new depot or root permission to manage that new depot or root and to change
its ACL. It also grants global permission (any_other) to list products in the new
depot or root.
object_owner:crwit
any_other:-r---
9.5.4.1.2 Product ACL Template
• The product ACL template below grants the creator (i.e., owner) of each product,
via the object_owner entry, permission to perform all operations on products
installed on depots on this host. It also grants any host (the any_other entry)
permission to read (i.e., install) and test the product.
object_owner:crwit
any_other:-r---
• In addition to encompassing all hosts, the any_other entry also applies to all
other users except, in this case, the product’s owner. In SD-UX, however, product
read permission has meaning only to host principals, and the other possible product
permissions never apply to hosts; therefore, the any_other entry may be
overloaded with both user and host permissions, if desired, without any danger of
ambiguity. Keep this overloading in mind when using SD-UX to
execute solutions.
These host ACL defaults provide a good starting point for control over the management
functions of SD-UX while providing open access to read the software for installation
on root targets.
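The following added example (not part of the original guide and not SD-UX code) parses the ACL entries printed above and checks what any_other receives beyond read, which is the property these defaults rely on. It assumes the positional permission string crwit stands for control, read, write, insert and test; the function names and the decision order (superuser, then object_owner, then any_other) are a simplified, hypothetical model.

```python
PERM_SLOTS = "crwit"  # assumed meaning: control, read, write, insert, test

def parse_acl(text):
    """Parse 'type[:key]:perms' lines into {entry_type: set_of_permission_letters}."""
    acl = {}
    for raw in text.strip().splitlines():
        fields = raw.strip().split(":")
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed ACL entry: {raw!r}")
        etype, perms = fields[0], fields[-1]  # optional middle field (key) is ignored
        if len(perms) != len(PERM_SLOTS):
            raise ValueError(f"bad permission string: {perms!r}")
        granted = set()
        for slot, ch in zip(PERM_SLOTS, perms):
            if ch == slot:
                granted.add(slot)
            elif ch != "-":
                raise ValueError(f"unexpected {ch!r} in slot {slot!r}")
        acl[etype] = granted
    return acl

def allowed(acl, perm, is_owner=False, is_local_superuser=False):
    """Simplified decision: superuser, then object_owner, then any_other."""
    if is_local_superuser:
        return True  # holds even without an ACL entry, per the NOTE above
    if is_owner and "object_owner" in acl:
        return perm in acl["object_owner"]
    return perm in acl.get("any_other", set())

def excess_global_grants(acl):
    """Permissions any_other holds beyond read; empty for the defaults shown above."""
    return sorted(acl.get("any_other", set()) - {"r"})

# The three ACLs as printed in this section.
HOST_ACL = parse_acl("object_owner:swadm:crwit\nany_other:-r---")
CONTAINER_TEMPLATE = parse_acl("object_owner:crwit\nany_other:-r---")
PRODUCT_TEMPLATE = parse_acl("object_owner:crwit\nany_other:-r---")
# Constructed entry, not from the guide: global write and insert on a depot.
LOOSE_ACL = parse_acl("object_owner:crwit\nany_other:-rwi-")

if __name__ == "__main__":
    for name, acl in [("host", HOST_ACL), ("container", CONTAINER_TEMPLATE),
                      ("product", PRODUCT_TEMPLATE), ("loose", LOOSE_ACL)]:
        print(name, "any_other beyond read:", excess_global_grants(acl))
```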
9.6 Security on SD-UX Systems
Controlling access to data is a key concern of computer security. In SD-UX, file owners
and superusers allow or deny access to files on a need-to-know basis by setting or
manipulating the file’s permission bits to grant or restrict access by owner, group and
others. For example, the following file listing:
-rwxr-xr 1 doug admin 738 Mar 26 12:25 datafile