Software Distributor (SD-UX) Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (762797-001, March 2014)
Table Of Contents
- Software Distributor Administration Guide
- Contents
- HP secure development lifecycle
- About This Document
- 1 Introduction to Software Distributor
- SD-UX Overview
- SD-UX Concepts
- Using the GUI and TUI Commands
- The Terminal User Interface
- Starting the GUI/TUI Commands
- Window Components
- Opening and closing items in the object list
- Marking Items in the Object List
- Preselecting Host Files
- Software Selection Window
- Session and File Management—The File Menu
- Changing Software Views—The View Menu
- Changing Options and Refreshing the Object List—The Options Menu
- Performing Actions—The Actions Menu
- Getting Help—The Help Menu
- XToolkit Options and Changing Display Fonts
- Working from the Command Line
- 2 Installing Software
- Installation with swinstall
- Features and Limitations
- Installing with the GUI
- Installing from the Command Line
- Installation Tasks and Examples
- Updating to HP-UX 11i
- Installing Patches
- Recovering Updated Files
- Installing Software That Requires a System Reboot
- Using Software Codewords and Customer IDs
- Re-installing Software Distributor
- Installing Multiple Versions
- Installing to an Alternate Root
- Compatibility Filtering and Checking
- Software Selection Checking
- Configuring Your Installation (swconfig)
- Verifying Your Installation (swverify)
- Installation with swinstall
- 3 Managing Installed Software
- 4 Managing Software Depots
- Depot Management Commands and Concepts
- Copying Software Depots
- Registering and Unregistering Depots (swreg)
- Verifying Signed Software Signatures
- Additional Depot Management Tasks and Examples
- Combining Patch Depots
- Creating a Tape Depot for Distribution
- Setting Depot Attributes
- Creating a Network Depot
- Managing Multiple Versions of HP-UX
- Listing Registered Depots
- Listing the Contents of a Depot (swlist -d)
- Source Depot Auditing
- Verifying a Depot (swverify -d)
- Removing Software from Depots
- Removing a Depot
- 5 HP-UX Patching and Patch Management
- 6 Using Jobs and the Job Browser
- 7 Remote Operations Overview
- 8 Reliability and Performance
- 9 SD-UX Security
- 10 Creating Software Packages
- Overview of the Packaging Process
- Identifying the Products to Package
- Adding Control Scripts
- Creating a Product Specification File (PSF)
- Product Specification File Examples
- PSF Syntax
- PSF Object Syntax
- Selecting the PSF Layout Version
- PSF Value Types
- Product Specification File Semantics
- Re-Specifying Files
- Packaging the Software (swpackage)
- Packaging Tasks and Examples
- Registering Depots Created by swpackage
- Creating and Mastering a CD-ROM Depot
- Compressing Files to Increase Performance
- Packaging Security
- Repackaging or Modifying a Software Package
- Packaging In Place
- Following Symbolic Links in the Source
- Generating File Revisions
- Depots on Remote File Systems
- Verifying the Software Package
- Packaging Patch Software
- Writing to Multiple Tapes
- Making Tapes from an Existing Depot
- 11 Using Control Scripts
- Introduction to Control Scripts
- General Script Guidelines
- Packaging Control Scripts
- Using Environment Variables
- Execution of Control Scripts
- Execution of Other Commands by Control Scripts
- Control Script Input and Output
- File Management by Control Scripts
- Testing Control Scripts
- Requesting User Responses (swask)
- Request Script Tasks and Examples
- 12 Nonprivileged SD
- A Command Options
- B Troubleshooting
- Error Logging
- Common Problems
- Cannot Contact Target Host’s Daemon or Agent
- GUI Won’t Start or Missing Support Files
- Access To An Object Is Denied
- Slow Network Performance
- Connection Timeouts and Other WAN Problems
- Disk Space Analysis Is Incorrect
- Packager Fails
- Command Logfile Grows Too Large
- Daemon Logfile Is Too Long
- Cannot Read a Tape Depot
- Installation Fails
- swinstall or swremove Fails With a Lock Error
- Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
- Some SD commands do not work after network configuration changes
- C Replacing or Updating SD-UX
- D Software Distributor Files and File System Structure
- Glossary
- Index
ACL Permissions
There are five different permissions grantable by the ACL: crwit.
Table 38 ACL Permissions
Permission to edit or change the ACL.control (c)
Permission to test access to an object (i.e., read the ACL).test (t)
Permission to install a new product, depot or root.insert (i)
Permission to change a host, depot, root or product.write (w)
Permission to list depot, roots and products and attributes.read (r)
In the ACL entry, these permissions are abbreviated c, t, i, w, and r. To grant all permissions,
you may use the shorthand letter a instead of the crwit to denote all permissions.
The meaning of permissions is different for different types of objects, and the permissions do not
have to appear in any specific order. Roots do not provide product level protection, so all
permissions on products installed on roots are controlled by the ACL protecting the root itself.
Product level protection is provided on depots in this way: the depot’s ACL protects the depot itself
while product ACLs protect the products within the depot.
The table below summarizes SD-UX object permissions and ACLs to which they may be applied.
Table 39 SD-UX ACL Permission Definitions
Allows You To:Permission
Product on DepotDepotRootHost System
Edit all ACLsc (control)
Test access to an object, read (list) the ACL itselft (test)
N/AInsert a new productInsert a new productInsert a new depot or
root
i (insert)
Change productChange depotChange root or
products
Change hostw (write)
1
Read product filesList depot and product
attributes
List root and product
attributes
List depots and rootsr (read)
2
1
Write permission means permission to change or delete the object, except the host source object may not be deleted.
2
Read permission on containers (i.e., hosts, roots, and depots) lets a user list the container contents; on products within
depots, read permission lets a user copy or install the product.
Object Protection
The control of product insert and delete permissions differs between roots and depots.
The permission for anyone to insert or delete a product on a root is contained within the root’s
ACL. If you have write permission on a root, you can change or delete any product on that root;
there is NO product level control on roots.
The depot ACL controls insertion (creation) of new products, while the inserted object has its own
ACL that controls modification and deletion. This lets the creator (owner) of a product on a depot
change or delete the product without requiring the broader write permission that could affect other
users’ products on the same depot.
This is useful for product control, because it lets you assign management control for a specific
product to a delegated administrator. Also, when a product is created on a depot, the user and
group identity of the creator is recorded in the product information.
If the product ACL contains an object_owner entry granting write permissions to the owner,
then the product creator will automatically have rights to change or delete the product. Therefore,
152 SD-UX Security