Software Distributor Administrator Guide (September 2010)

ManualsBrandsHP ManualsSoftwareHP-UX Software Distributor

261

262

263

264

265

266

267

268

269

270

type with the compression_type option or specify a compression command with

the compression_command option.

This option should be set to true only when network bandwidth is clearly restricting

total throughput. If it is not clear that this option will help, compare packaging

operations both with and without compression before consistently using this option.

See Appendix A (page 303) for more information on using command options.

NOTE: swpackage cannot compress files when writing to a tape.

10.6.4 Packaging Security

SD-UX provides Access Control Lists (ACLs) to authorize who has permission to

perform specific operations on depots. Because the swpackage command creates and

modifies local depots only, the SD-UX security provisions for remote operations do

not apply to swpackage. See Chapter 9: “SD-UX Security ” (page 187) for more

information on ACLs.

The swpackage command operates as setuid root, that is, the Package Selection

phase operates as the invoking user, the Analysis and Packaging phases operate as the

superuser. The superuser owns and manages all depots and therefore has all permissions

for all operations on a depot. If the depot happens to be on an NFS volume, access

problems will not arise from ACLs, but will arise if the local superuser does not have

NFS root access on the NFS mounted file system.

If you are not the local superuser, you will not have permission to create or modify a

depot unless the local superuser grants you permission.

swpackage checks and enforces the following permissions:

1. Can you create a new depot?

Superuser Yes

Other Yes, if the ACL for the local host grants the user “insert”

permission, i.e. permission to insert a new depot into the host.

If the proper permissions are not in place and the depot is a new

one, swpackage terminates with an error.

2. Can you create a new product?

Superuser Yes

Other Yes, if the depot is new and you passed check #1 above or if the

ACL for an existing depot grants you insert permission, i.e.

permission to change the contents of the depot (by adding a new

product).

If you are denied authorization to create a new product,

swpackage generates an error message and excludes the product

from the session.

262 Creating Software Packages