Software Distributor Administrator Guide (September 2010)

12 Nonprivileged SD

This chapter provides general guidelines on how to set up Software Distributor to run

in nonprivileged mode.

Table 12-1 Chapter Topics

Topics:

“Overview” (page 299)

“Setting Up Nonprivileged Mode” (page 300)

“Default Configuration” (page 301)

“Alternative Configuration” (page 302)

12.1 Overview

The nonprivileged mode of SD-UX lets users access application software based on their

file system permissions rather than super-user privilege implemented by SD-UX ACLs.

Nonprivileged mode is honored by almost all SD commands. You can use nonprivileged

mode for all aspects of developing, distributing, and managing applications.

12.1.1 Who Can Benefit?

Nonprivileged SD-UX is primarily intended for administrators of large data centers

who must manage in-house applications without using super-user privilege. You might

not benefit from this feature if you are a casual user wanting to manage your own

applications—unless you are experienced enough at packaging software to take

advantage of nonprivileged mode.

12.1.2 How Does It Work?

In nonprivileged mode, most SD-UX operations are done according to the invoking

user’s uid, gid, and umask. In this mode, logfiles and the installed software catalog

usually found in /var/adm/sw are stored by default in user-specific admin directories

at /var/home/USER_NAME/sw (in which USER_NAME is the user’s log-in name).

Location of the user’s admin directory and installed software catalog can be customized

using default options.

While you are using nonprivileged mode, you can also package and copy applications

that won’t be used for nonprivileged mode. However, you must use the normal mode

of SD-UX (that is with run_as_superuser set to true and permissions granted by

ACLs) to install such applications.

When packaging, file system access on the install target must be considered. See

“Packaging Software for Use in Nonprivileged Mode” (page 300).

12.1 Overview 299