Software Distributor (SD-UX) Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (762797-001, March 2014)
Table Of Contents
- Software Distributor Administration Guide
- Contents
- HP secure development lifecycle
- About This Document
- 1 Introduction to Software Distributor
- SD-UX Overview
- SD-UX Concepts
- Using the GUI and TUI Commands
- The Terminal User Interface
- Starting the GUI/TUI Commands
- Window Components
- Opening and closing items in the object list
- Marking Items in the Object List
- Preselecting Host Files
- Software Selection Window
- Session and File Management—The File Menu
- Changing Software Views—The View Menu
- Changing Options and Refreshing the Object List—The Options Menu
- Performing Actions—The Actions Menu
- Getting Help—The Help Menu
- XToolkit Options and Changing Display Fonts
- Working from the Command Line
- 2 Installing Software
- Installation with swinstall
- Features and Limitations
- Installing with the GUI
- Installing from the Command Line
- Installation Tasks and Examples
- Updating to HP-UX 11i
- Installing Patches
- Recovering Updated Files
- Installing Software That Requires a System Reboot
- Using Software Codewords and Customer IDs
- Re-installing Software Distributor
- Installing Multiple Versions
- Installing to an Alternate Root
- Compatibility Filtering and Checking
- Software Selection Checking
- Configuring Your Installation (swconfig)
- Verifying Your Installation (swverify)
- Installation with swinstall
- 3 Managing Installed Software
- 4 Managing Software Depots
- Depot Management Commands and Concepts
- Copying Software Depots
- Registering and Unregistering Depots (swreg)
- Verifying Signed Software Signatures
- Additional Depot Management Tasks and Examples
- Combining Patch Depots
- Creating a Tape Depot for Distribution
- Setting Depot Attributes
- Creating a Network Depot
- Managing Multiple Versions of HP-UX
- Listing Registered Depots
- Listing the Contents of a Depot (swlist -d)
- Source Depot Auditing
- Verifying a Depot (swverify -d)
- Removing Software from Depots
- Removing a Depot
- 5 HP-UX Patching and Patch Management
- 6 Using Jobs and the Job Browser
- 7 Remote Operations Overview
- 8 Reliability and Performance
- 9 SD-UX Security
- 10 Creating Software Packages
- Overview of the Packaging Process
- Identifying the Products to Package
- Adding Control Scripts
- Creating a Product Specification File (PSF)
- Product Specification File Examples
- PSF Syntax
- PSF Object Syntax
- Selecting the PSF Layout Version
- PSF Value Types
- Product Specification File Semantics
- Re-Specifying Files
- Packaging the Software (swpackage)
- Packaging Tasks and Examples
- Registering Depots Created by swpackage
- Creating and Mastering a CD-ROM Depot
- Compressing Files to Increase Performance
- Packaging Security
- Repackaging or Modifying a Software Package
- Packaging In Place
- Following Symbolic Links in the Source
- Generating File Revisions
- Depots on Remote File Systems
- Verifying the Software Package
- Packaging Patch Software
- Writing to Multiple Tapes
- Making Tapes from an Existing Depot
- 11 Using Control Scripts
- Introduction to Control Scripts
- General Script Guidelines
- Packaging Control Scripts
- Using Environment Variables
- Execution of Control Scripts
- Execution of Other Commands by Control Scripts
- Control Script Input and Output
- File Management by Control Scripts
- Testing Control Scripts
- Requesting User Responses (swask)
- Request Script Tasks and Examples
- 12 Nonprivileged SD
- A Command Options
- B Troubleshooting
- Error Logging
- Common Problems
- Cannot Contact Target Host’s Daemon or Agent
- GUI Won’t Start or Missing Support Files
- Access To An Object Is Denied
- Slow Network Performance
- Connection Timeouts and Other WAN Problems
- Disk Space Analysis Is Incorrect
- Packager Fails
- Command Logfile Grows Too Large
- Daemon Logfile Is Too Long
- Cannot Read a Tape Depot
- Installation Fails
- swinstall or swremove Fails With a Lock Error
- Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
- Some SD commands do not work after network configuration changes
- C Replacing or Updating SD-UX
- D Software Distributor Files and File System Structure
- Glossary
- Index
the depot can be more widely opened to insertion because users with insert permission can only
copy in new products or delete their own products: you don’t have to worry about a user erroneously
deleting some critical product that they shouldn’t control.
The rationale for this protection scheme is borrowed from a mechanism introduced in the BSD file
system. With write permissions on a BSD directory, you may create a file in the directory. If the
sticky mode bit is set on the directory, only the file owner, the directory owner, or superuser may
remove or rename the file.
For example: In /tmp, owned by root, with “wide-open” write permission and the sticky bit set
manually (i.e., mode 1777), anyone can create files that nobody else (except themselves and
superuser) can remove. This makes /tmp a more secure place to store temporary work because
someone else can’t delete your files there.
Installing or copying from an unregistered depot requires the user and the target agent’s host to
have insert permission on the depot’s host. If this permission is denied to the target’s host, the
depot’s daemon log will contain the message:
ERROR: Access denied to SD agent at host lucille on
behalf of rob@lucille to start agent on unregistered
depot "/users/rob/depot." No (i)nsert permission on
host.
07/23/01 15:51:06 MDT
This message indicates it is the agent at lucille that did not have insert permission on the depot’s
host, not the user rob@lucille.
The remote host ACL must have two entries granting insert permission: one for the user, and one
for the target host.
For example, for user rob to be allowed to install a product on target host lucille from an
unregistered depot on source host desi, the command
swacl -l host @ desi
must show the minimum ACL entries
user:rob@lucille:-i-
host:lucille:-i-
Rob could alternatively register the depot with the swreg command with only the first entry above
before running swinstall or swcopy.
Host System ACLs
The host system is the highest level of protected object in SD-UX. A host ACL protects each host
system, controlling permission to create depots and roots. The host ACL may grant the following
permissions:
Table 40 Host ACL Permissions
Permission to obtain host attributes, including a list of depots and roots on the host.r (read)
Permission to change the host object.w (write)
Permission to create and register a new depot or root on the host.i (insert)
Permission to edit or change the ACL.c (control)
Permission to test access to an object and list the ACL.t (test)
A sample host-system ACL grants depot and root source creation, source listing, and ACL
administration to a user named rob and give open permission to list the depots and roots on the
host, would be:
user:rob:r-ic-
any_other:r
Since any_other does not havet (test) permission, only rob can list this ACL, because he has
c (control permission).
ACL Entries 153