Software Distributor (SD-UX) Administration Guide HP-UX 11i v1, 11i v2, and 11i v3 (762797-001, March 2014)
Table Of Contents
- Software Distributor Administration Guide
- Contents
- HP secure development lifecycle
- About This Document
- 1 Introduction to Software Distributor
- SD-UX Overview
- SD-UX Concepts
- Using the GUI and TUI Commands
- The Terminal User Interface
- Starting the GUI/TUI Commands
- Window Components
- Opening and closing items in the object list
- Marking Items in the Object List
- Preselecting Host Files
- Software Selection Window
- Session and File Management—The File Menu
- Changing Software Views—The View Menu
- Changing Options and Refreshing the Object List—The Options Menu
- Performing Actions—The Actions Menu
- Getting Help—The Help Menu
- XToolkit Options and Changing Display Fonts
- Working from the Command Line
- 2 Installing Software
- Installation with swinstall
- Features and Limitations
- Installing with the GUI
- Installing from the Command Line
- Installation Tasks and Examples
- Updating to HP-UX 11i
- Installing Patches
- Recovering Updated Files
- Installing Software That Requires a System Reboot
- Using Software Codewords and Customer IDs
- Re-installing Software Distributor
- Installing Multiple Versions
- Installing to an Alternate Root
- Compatibility Filtering and Checking
- Software Selection Checking
- Configuring Your Installation (swconfig)
- Verifying Your Installation (swverify)
- Installation with swinstall
- 3 Managing Installed Software
- 4 Managing Software Depots
- Depot Management Commands and Concepts
- Copying Software Depots
- Registering and Unregistering Depots (swreg)
- Verifying Signed Software Signatures
- Additional Depot Management Tasks and Examples
- Combining Patch Depots
- Creating a Tape Depot for Distribution
- Setting Depot Attributes
- Creating a Network Depot
- Managing Multiple Versions of HP-UX
- Listing Registered Depots
- Listing the Contents of a Depot (swlist -d)
- Source Depot Auditing
- Verifying a Depot (swverify -d)
- Removing Software from Depots
- Removing a Depot
- 5 HP-UX Patching and Patch Management
- 6 Using Jobs and the Job Browser
- 7 Remote Operations Overview
- 8 Reliability and Performance
- 9 SD-UX Security
- 10 Creating Software Packages
- Overview of the Packaging Process
- Identifying the Products to Package
- Adding Control Scripts
- Creating a Product Specification File (PSF)
- Product Specification File Examples
- PSF Syntax
- PSF Object Syntax
- Selecting the PSF Layout Version
- PSF Value Types
- Product Specification File Semantics
- Re-Specifying Files
- Packaging the Software (swpackage)
- Packaging Tasks and Examples
- Registering Depots Created by swpackage
- Creating and Mastering a CD-ROM Depot
- Compressing Files to Increase Performance
- Packaging Security
- Repackaging or Modifying a Software Package
- Packaging In Place
- Following Symbolic Links in the Source
- Generating File Revisions
- Depots on Remote File Systems
- Verifying the Software Package
- Packaging Patch Software
- Writing to Multiple Tapes
- Making Tapes from an Existing Depot
- 11 Using Control Scripts
- Introduction to Control Scripts
- General Script Guidelines
- Packaging Control Scripts
- Using Environment Variables
- Execution of Control Scripts
- Execution of Other Commands by Control Scripts
- Control Script Input and Output
- File Management by Control Scripts
- Testing Control Scripts
- Requesting User Responses (swask)
- Request Script Tasks and Examples
- 12 Nonprivileged SD
- A Command Options
- B Troubleshooting
- Error Logging
- Common Problems
- Cannot Contact Target Host’s Daemon or Agent
- GUI Won’t Start or Missing Support Files
- Access To An Object Is Denied
- Slow Network Performance
- Connection Timeouts and Other WAN Problems
- Disk Space Analysis Is Incorrect
- Packager Fails
- Command Logfile Grows Too Large
- Daemon Logfile Is Too Long
- Cannot Read a Tape Depot
- Installation Fails
- swinstall or swremove Fails With a Lock Error
- Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
- Some SD commands do not work after network configuration changes
- C Replacing or Updating SD-UX
- D Software Distributor Files and File System Structure
- Glossary
- Index
There are also two ACLs on product depots:
• The depot’s ACL that is used to determine permissions on the depot.
• The depot’s product ACL template (product_template) that is used to initialize the ACLs
protecting new products on the depot.
There is one ACL on the installation (root):
• The root ACL that protects the root and products installed on it.
And finally, there is one ACL on the product:
• The product’s ACL that is used to determine permissions on the product.
Every host must have an ACL protecting it and a pair of template ACLs (product and container) to
provide initialization data for implicit depot and product ACLs. All three are created when SD-UX
is installed on the host.
Default ACL Template Entries
The host system’s container ACL template dictates initial permissions on all depots and roots that
are introduced on that host. The host also contains a master copy of a product ACL template, which
is copied to each new depot.
A default set of host ACLs is provided at the time SD-UX is installed that can be altered by the
SD-UX administrator. The contents of these host-system ACLs immediately after SD-UX installation
are:
Host ACL
• The host ACL below allows global (any_other) permission to list the depots and roots on
the host:
object_owner:swadm:crwit
any_other:-r---
NOTE: Remember, the local superuser always has all permissions, even without an ACL entry.
Container ACL Template
• The container ACL template below grants the owner or creator (object_owner) of a new
depot or root permission to manage that new depot or root and to change its ACL. It also
grants global permission (any_other) to list products in the new depot or root.
object_owner:crwit
any_other:-r---
Product ACL Template
• The product ACL template below grants permission to perform all operations on products
installed on Depots on this host to the respective creator (i.e., owner), via the object_owner
entry, of each product. It also grants permission to read (i.e., install) and test the product to
any host (the any_other entry).
object_owner:crwit
any_other:-r---
• In addition to encompassing all hosts, the any_other entry also applies to all other users
except, in this case, the product’s owner. In SD-UX however, product read permission has
meaning only to host principals, and other possible product permissions never apply to hosts;
therefore, the any_other entry may be overloaded with user and host permissions, if desired,
without any danger of ambiguity. This overloading should be kept in mind when using the
SD-UX to execute solutions.
These host ACL defaults provide a good starting point for control over the management functions
of SD-UX while providing open access to read the software for installation on root targets.
156 SD-UX Security