Software Distributor Administrator Guide (September 2010)

ManualsBrandsHP ManualsSoftwareHP-UX Software Distributor

201

202

203

204

205

206

207

208

209

210

shows that:

• File owner is user doug.

• File’s group is admin.

• Name of the file is datafile.

• Owner permissions are read, write and execute (rwx).

• Group permissions are read and execute (r-x).

• Other permissions are read only (r-).

SD-UX commands are essentially object managers that use the SD-UX file system in

which to store their objects. There is no need to obtain access to any objects via the file

system, so the file system protection scheme is based on blocking access to the file

system directories that store these objects.

In addition to SD-UX objects, there are several administrative files (log, configuration,

and session files) that are used or managed by SD-UX. These files are not actually

SD-UX objects and are accessible via conventional commands such as editors and

printing utilities. These files are protected by conventional file system protection modes.

Many of the functions that the SD-UX agents do are privileged. Some operations, such

as installing files in system directories (e.g., in the /etc and /dev directories) and

customization of system files via control scripts, require superuser privileges. For this

reason, SD-UX agents must always run as the superuser.

Any system user may run the SD-UX controller; it is not restricted to use only by

superuser. In general, the controller does its work by making Remote Procedure Calls

(RPC) to target hosts, but it also requires special privileges occasionally to access critical

log, configuration, and session security files. Controllers are set-uid root programs

that run with the superuser privilege in effect only briefly to do critical privileged

operations, then they switch to the real uid of the user.

Here is a summary of the SD-UX file system protection scheme:

• SD-UX files are protected from access by anyone other than the superuser by

having the group and other permissions of crucial directory modes set to 0.

• Only agents and daemons running on the local host access SD-UX files directly.

All other facilities (controllers, utilities, etc.) go through the agents using RPC to

indirectly access files. The agent or daemons perform authentication and

authorization checks on all such operations.

• No hard links may exist that circumvent the directory protection hierarchy of the

SD-UX directories nor may symlinks exist that compromise the secrecy of the

contents of those directories containing objects that might have list restrictions in

effect. Use of only a single (canonical) path to SD-UX objects avoids any such

aliasing problems.

Thus, the SD-UX files are totally protected and hidden from non-superuser access.

9.6 Security on SD-UX Systems 209