Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Software Distributor Administration Guide: HP-UX 11i v1, 11i v2, and 11i v3 > Chapter 9 SD-UX Security

Overview
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Along with the traditional HP-UX file access protection, SD-UX uses Access Control Lists (ACLs) to authorize access to the primary objects on which it manages software:

  • Hosts

  • Roots (software installed on a host)

  • Depots

  • Products within depots

An ACL consists of a set of entries associated with an object when it is created.

Default Security

The following security scheme exists by default:

  • The local superuser always has access to all local objects.

  • Read access is provided to all users on the network who use the same SD-UX shared secret via the any_other ACL.

  • Whoever creates a root, depot, or product object has full access to it as the object_owner.

  • If you set up systems for remote operations (using the procedure discussed in “Setting Up Remote Operations”), root@central_controller has full access to all target objects via the user:root@central_controller ACL.

If you are running as root@central_controller, the suggested security setup should be adequate to perform all tasks.

Two templates are used to create default ACLs:

  • global_soc_template (applies to all new depots and roots added to the host)

  • global_product_template (applies for new products in depots)

Depots and Depot Registration

Software Distributor typically uses central depots to distribute software. You can control access to these depots by users who will install software.

An important security consideration is that depots must be registered for nonlocal users to have access. Only a local superuser or a user with insert permission on the host can install from unregistered depots.

For more information, see “Registering and Unregistering Depots (swreg) ” and “Depot Management Commands and Concepts”.

Modifying Target Systems

You may want to set up each system to grant administrative access to the SD-UX controller while restricting access to other systems and users.

You will need to modify ACLs on your target systems in the following cases:

  • To change the login name of the SD-UX administrator (the default is root).

  • To modify permissions for the SD-UX administrator or group of administrators.



Chapter 9 SD-UX Security
  		 


The swacl Command  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1997, 2000-2003, 2006, 2007, 2008 Hewlett-Packard Development Company, L.P.