Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Managing HP-UX Software With SD-UX: HP 9000 Computers > Chapter 9 Controlling Access to Software Objects

Task-Specific Permission Requirements
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Packaging

  • If the depot does not exist, swpackage verifies that the user has insert permission on the host.

  • swpackage verifies that the user has insert permission on a depot.

  • swpackage verifies that the user has write permission on a product, if it already exists.

Listing

  • To list potential depots, the source agent verifies that the user has read permission on host.

  • To list potential products, the source agent verifies that the user has read permission on depot or root.

Copying

  • Any list operations required to facilitate this function must be checked as described in the swlist section above.

  • If the depot does not exist, swcopy verifies that the user has insert permission on the target host.

  • The agent verifies that the user has insert permission on the depot.

  • The agent verifies that the controller user has write permission on the product, if it already exists.

  • The source agent verifies that the system has read permission on the source product.

  • The source (depot) agent verifies that the depot is registered. If not, the agent verifies that the controller user and the target agent system each has insert permission on the source's host.

Installing

  • Any list operations required to facilitate this function must be checked as described in the swlist section above.

  • The agent verifies that the user has insert permission on the target root.

  • The agent verifies that the user has write permission on the root, if the product already exists.

  • The source (depot) agent verifies that the system has read permission on the source product.

  • The source (depot) agent verifies that the depot is registered. If not, the agent verifies that the controller user and the target agent system each has insert permission on the source's host.

Removal

  • If the object is a product on a depot, the agent verifies that the user has write permission on the product.

  • If the object is a product on a root, the agent verifies that the user has write permission on the root.

  • If the object is a depot or a root, or the last product contained in one of these, before removing the container the agent must verify that the user has delete permission on the root or depot.

Configuration

The same permission checks are made as for the swremove operation above, except that this command does not apply to depots.

Verify

  • If the object is a product on a depot, the agent verifies that the user has read permission on the product.

  • If the object is a product on a root, the agent verifies that the user has read permission on the root.

Registering Depots

  • To register a new depot, swreg requires "read" permission on the depot in question and "insert" permission on the host.

  • To unregister a registered depot, the swreg command requires "write" permission on the host.

Sample ACLs for Editing

Here are some examples based on the following ACL that is protecting a product (FORTRAN) created by user rob whose local host is lehi.fc.hp.com:

# swacl    Product Access Control Lists
#
# For host:  lehi:/
#
# Date:  Wed May 19 16:39:58 1993
#
# For product: FORTRAN,r=9.0,v=HP
# Object Ownership:   User=root
                      Group=sys
                      Realm=lehi.fc.hp.com
# default_realm=lehi.fc.hp.com
object_owner:crwit
user:barb:-rt
user:ramon:-rt
group:swadm:crwit
host:alma.fc.hp.com:-rt
any_other:-rt

To list the ACL for the product FORTRAN in depot /var/spool/sw (the default depot) and prepare it for editing, type:

swacl -l product FORTRAN &>acl_tmp

which will bring the above ACL into the file acl_tmp, ready for editing. Edit the acl_tmp file with any suitable text editor.

To replace the modified ACL, type:

swacl -l product -F acl_tmp FORTRAN

To edit the default product template on a depot /var/spool/sw_dev, use:

swacl -l product_template @ /var/spool/sw_dev $>tmp_file

then edit the tmp_file and replace the ACL:

swacl -l product_template -F tmp_file \
@ /var/spool/sw_dev

To delete user barb's and group swadm's entries:

swacl -D user:barb -D group:swadm -l product FORTRAN

To give user ramon permission to change the product FORTRAN:

swacl -M user:ramon:trw -l product FORTRAN

To add an entry for user pam with complete management permission:

swacl -M user:pam:a ["a" is shorthand for "crwit"]

To add an entry to grant every user in group swadm at remote hosts dewd and stewd full management control of the product FORTRAN on the default local depot:

swacl -M group:swadm@dewd:a -M group:swadm@stewd:a \
-l product FORTRAN

To list the ACL protecting the default depot at host dewd:

swacl -l depot @ dewd



How ACLs Protect Objects
  		 


Chapter 10 Creating Software Packages  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1997 Hewlett-Packard Development Company, L.P.