Software Distributor (SD-UX) Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (762797-001, March 2014)
Table Of Contents
- Software Distributor Administration Guide
- Contents
- HP secure development lifecycle
- About This Document
- 1 Introduction to Software Distributor
- SD-UX Overview
- SD-UX Concepts
- Using the GUI and TUI Commands
- The Terminal User Interface
- Starting the GUI/TUI Commands
- Window Components
- Opening and closing items in the object list
- Marking Items in the Object List
- Preselecting Host Files
- Software Selection Window
- Session and File Management—The File Menu
- Changing Software Views—The View Menu
- Changing Options and Refreshing the Object List—The Options Menu
- Performing Actions—The Actions Menu
- Getting Help—The Help Menu
- XToolkit Options and Changing Display Fonts
- Working from the Command Line
- 2 Installing Software
- Installation with swinstall
- Features and Limitations
- Installing with the GUI
- Installing from the Command Line
- Installation Tasks and Examples
- Updating to HP-UX 11i
- Installing Patches
- Recovering Updated Files
- Installing Software That Requires a System Reboot
- Using Software Codewords and Customer IDs
- Re-installing Software Distributor
- Installing Multiple Versions
- Installing to an Alternate Root
- Compatibility Filtering and Checking
- Software Selection Checking
- Configuring Your Installation (swconfig)
- Verifying Your Installation (swverify)
- Installation with swinstall
- 3 Managing Installed Software
- 4 Managing Software Depots
- Depot Management Commands and Concepts
- Copying Software Depots
- Registering and Unregistering Depots (swreg)
- Verifying Signed Software Signatures
- Additional Depot Management Tasks and Examples
- Combining Patch Depots
- Creating a Tape Depot for Distribution
- Setting Depot Attributes
- Creating a Network Depot
- Managing Multiple Versions of HP-UX
- Listing Registered Depots
- Listing the Contents of a Depot (swlist -d)
- Source Depot Auditing
- Verifying a Depot (swverify -d)
- Removing Software from Depots
- Removing a Depot
- 5 HP-UX Patching and Patch Management
- 6 Using Jobs and the Job Browser
- 7 Remote Operations Overview
- 8 Reliability and Performance
- 9 SD-UX Security
- 10 Creating Software Packages
- Overview of the Packaging Process
- Identifying the Products to Package
- Adding Control Scripts
- Creating a Product Specification File (PSF)
- Product Specification File Examples
- PSF Syntax
- PSF Object Syntax
- Selecting the PSF Layout Version
- PSF Value Types
- Product Specification File Semantics
- Re-Specifying Files
- Packaging the Software (swpackage)
- Packaging Tasks and Examples
- Registering Depots Created by swpackage
- Creating and Mastering a CD-ROM Depot
- Compressing Files to Increase Performance
- Packaging Security
- Repackaging or Modifying a Software Package
- Packaging In Place
- Following Symbolic Links in the Source
- Generating File Revisions
- Depots on Remote File Systems
- Verifying the Software Package
- Packaging Patch Software
- Writing to Multiple Tapes
- Making Tapes from an Existing Depot
- 11 Using Control Scripts
- Introduction to Control Scripts
- General Script Guidelines
- Packaging Control Scripts
- Using Environment Variables
- Execution of Control Scripts
- Execution of Other Commands by Control Scripts
- Control Script Input and Output
- File Management by Control Scripts
- Testing Control Scripts
- Requesting User Responses (swask)
- Request Script Tasks and Examples
- 12 Nonprivileged SD
- A Command Options
- B Troubleshooting
- Error Logging
- Common Problems
- Cannot Contact Target Host’s Daemon or Agent
- GUI Won’t Start or Missing Support Files
- Access To An Object Is Denied
- Slow Network Performance
- Connection Timeouts and Other WAN Problems
- Disk Space Analysis Is Incorrect
- Packager Fails
- Command Logfile Grows Too Large
- Daemon Logfile Is Too Long
- Cannot Read a Tape Depot
- Installation Fails
- swinstall or swremove Fails With a Lock Error
- Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
- Some SD commands do not work after network configuration changes
- C Replacing or Updating SD-UX
- D Software Distributor Files and File System Structure
- Glossary
- Index
# swacl -l product_template -F tmp_file \
@ /var/spool/sw_dev
To delete entries for user barb and group swadm, use:
# swacl -D user:barb -D group:swadm -l product FORTRAN
To give user ramon permission to modify the product FORTRAN, type:
# swacl -M user:ramon:trw -l product FORTRAN
To add an entry for user pam with complete management permission (“a” is shorthand for crwit),
use:
# swacl -M user:pam:a
To add an entry to grant every user in group swadm at remote hosts dewd and stewd full
management control of the product FORTRAN on the default local depot, use the following:
# swacl -M group:swadm@dewd:a -M group:swadm@stewd:a \
-l product FORTRAN
To list the ACL protecting the default depot at host dewd, type:
# swacl -l depot @ dewd
How ACLs are Matched to the User
ACL permissions are determined by a match to a single ACL entry, not to an accumulation of
matching entries. Checking is done from the most restrictive entry types to the broadest.
If a match is found in a user entry type, no further checking is done, and the permissions for that
user are fully defined by the permissions field of the matched entry. A matched user may be a
member of a group with broader permissions; this has no consequence.
NOTE: The local superuser has access to all local SD-UX objects irrespective of ACLs.
The ACL matching algorithm is:
1. If user is local superuser, then grant all permissions.
2. If user is owner of the object, then grant object_owner permissions.
3. If user matches a user entry, then grant user permissions.
4. If any group entries match, then accumulate the permissions granted by all group entries that
match the user’s primary and supplementary groups.
5. If an appropriate other entry matches, then grant other permissions.
6. If an any_other entry, then grant any_other permissions.
7. Grant no permissions.
ACL Entries
An ACL consists of a set of entries attached to an object when it is created. These entries define
which users, groups, and/or hosts have permission to access the objects. ACL entries include the
concept of a principal, which is the user, group or host system (for agents making RPCs) that
originates a call to another system.
An ACL entry consists of three fields:
entry_type[:key]:permissions
For example, an ACL entry for an SD-UX object might be:
user:fred:r-ctw
This means that a user named fred can control (c), read (r), write (w), and test (t) the
object, but the dash signifies that he cannot i (insert/create) new objects.
NOTE: You can specify crwit permissions in any order.
The ACL entry_type must be one of these values:
150 SD-UX Security