Software Distributor (SD-UX) Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (762797-001, March 2014)
Table Of Contents
- Software Distributor Administration Guide
- Contents
- HP secure development lifecycle
- About This Document
- 1 Introduction to Software Distributor
- SD-UX Overview
- SD-UX Concepts
- Using the GUI and TUI Commands
- The Terminal User Interface
- Starting the GUI/TUI Commands
- Window Components
- Opening and closing items in the object list
- Marking Items in the Object List
- Preselecting Host Files
- Software Selection Window
- Session and File Management—The File Menu
- Changing Software Views—The View Menu
- Changing Options and Refreshing the Object List—The Options Menu
- Performing Actions—The Actions Menu
- Getting Help—The Help Menu
- XToolkit Options and Changing Display Fonts
- Working from the Command Line
- 2 Installing Software
- Installation with swinstall
- Features and Limitations
- Installing with the GUI
- Installing from the Command Line
- Installation Tasks and Examples
- Updating to HP-UX 11i
- Installing Patches
- Recovering Updated Files
- Installing Software That Requires a System Reboot
- Using Software Codewords and Customer IDs
- Re-installing Software Distributor
- Installing Multiple Versions
- Installing to an Alternate Root
- Compatibility Filtering and Checking
- Software Selection Checking
- Configuring Your Installation (swconfig)
- Verifying Your Installation (swverify)
- Installation with swinstall
- 3 Managing Installed Software
- 4 Managing Software Depots
- Depot Management Commands and Concepts
- Copying Software Depots
- Registering and Unregistering Depots (swreg)
- Verifying Signed Software Signatures
- Additional Depot Management Tasks and Examples
- Combining Patch Depots
- Creating a Tape Depot for Distribution
- Setting Depot Attributes
- Creating a Network Depot
- Managing Multiple Versions of HP-UX
- Listing Registered Depots
- Listing the Contents of a Depot (swlist -d)
- Source Depot Auditing
- Verifying a Depot (swverify -d)
- Removing Software from Depots
- Removing a Depot
- 5 HP-UX Patching and Patch Management
- 6 Using Jobs and the Job Browser
- 7 Remote Operations Overview
- 8 Reliability and Performance
- 9 SD-UX Security
- 10 Creating Software Packages
- Overview of the Packaging Process
- Identifying the Products to Package
- Adding Control Scripts
- Creating a Product Specification File (PSF)
- Product Specification File Examples
- PSF Syntax
- PSF Object Syntax
- Selecting the PSF Layout Version
- PSF Value Types
- Product Specification File Semantics
- Re-Specifying Files
- Packaging the Software (swpackage)
- Packaging Tasks and Examples
- Registering Depots Created by swpackage
- Creating and Mastering a CD-ROM Depot
- Compressing Files to Increase Performance
- Packaging Security
- Repackaging or Modifying a Software Package
- Packaging In Place
- Following Symbolic Links in the Source
- Generating File Revisions
- Depots on Remote File Systems
- Verifying the Software Package
- Packaging Patch Software
- Writing to Multiple Tapes
- Making Tapes from an Existing Depot
- 11 Using Control Scripts
- Introduction to Control Scripts
- General Script Guidelines
- Packaging Control Scripts
- Using Environment Variables
- Execution of Control Scripts
- Execution of Other Commands by Control Scripts
- Control Script Input and Output
- File Management by Control Scripts
- Testing Control Scripts
- Requesting User Responses (swask)
- Request Script Tasks and Examples
- 12 Nonprivileged SD
- A Command Options
- B Troubleshooting
- Error Logging
- Common Problems
- Cannot Contact Target Host’s Daemon or Agent
- GUI Won’t Start or Missing Support Files
- Access To An Object Is Denied
- Slow Network Performance
- Connection Timeouts and Other WAN Problems
- Disk Space Analysis Is Incorrect
- Packager Fails
- Command Logfile Grows Too Large
- Daemon Logfile Is Too Long
- Cannot Read a Tape Depot
- Installation Fails
- swinstall or swremove Fails With a Lock Error
- Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
- Some SD commands do not work after network configuration changes
- C Replacing or Updating SD-UX
- D Software Distributor Files and File System Structure
- Glossary
- Index
The set of hosts that can be managed by SD-UX can be restricted by changing the default secret
on all SD-UX controller and target hosts in the network. The default secret is found in
/var/adm/sw/security/secrets.
You may change the default secret found in this file:
default new secret
For additional information, see “Security Between Hosts: The Shared Secrets File ” (page 159).
Editing an ACL
The swacl command, when invoked without the -M, -D, or -F options, reads the specified ACL,
converts it into plain text and prints it to stdout. The output of the command can also be redirected
to a file, which can then be printed or edited. After editing, you can use the -F file option
described above to replace the entire old ACL. This procedure gives you full ACL editing capabilities.
You must have test permission within the ACL to produce the edit file (list the ACL) and control
permission to modify it with -F, -D, or -M options. All ACL entries must contain test permission.
If the replacement ACL contains no detectable errors and you have the proper permission on the
ACL, the replacement will succeed. If the replacement fails because you lack permission to make
the change, an error is generated, and the object is skipped.
You may change or delete existing entries, or you may add additional entries to the ACL.
NOTE: It is possible to edit an ACL so that you cannot access it! Caution should be used to avoid
accidentally removing your own control (c) permissions on an ACL. As a safeguard, the local
superuser may always use swacl to edit SD-UX ACLs.
Here are some examples based on the following ACL that is protecting a product (FORTRAN)
created by user rob whose local host is lehi.fc.hp.com:
# swacl Product Access Control Lists
#
# For host: lehi:/
#
# Date: Mon Nov 06 16:39:58 2001
#
# For product: FORTRAN,r=9.0,v=HP
# Object Ownership: User=root
# Group=sys
# Realm=lehi.fc.hp.com
# default_realm=lehi.fc.hp.com
object_owner:crwit
user:barb:-rt
user:ramon:-rt
group:swadm:crwit
host:alma.fc.hp.com:-rt
any_other:-rt
You can list the ACLs for the product is FORTRAN in depot /var/spool/sw (the default depot)
and prepare it for editing:
# swacl -l product FORTRAN >acl_tmp
This will bring the above ACL into the file acl_tmp, and it is ready for editing. Edit the acl_tmp
file with any suitable text editor.
To replace all entries in the ACL for FORTRAN, type:
# swacl -l product -F acl_tmp FORTRAN
To edit the default product template on a depot /var/spool/sw_dev, use:
# swacl -l product_template @ /var/spool/sw_dev >tmp_file
Then edit the tmp_file and replace the ACL:
Basic Security Tasks 149