swacl(1M)swacl(1M)NAMEswacl - view or modify the Access Control Lists (ACLs) which protect
software products
swfixrealm - updates default_realm in all SD ACL files
SYNOPSIS
level acl_entry| acl_file| acl_entry] software_file] target_file]
option=value] option_file] [software_selections] target_selec‐
tions]
Remarks
· The command supports operations on remote systems. See the
section below for details.
· Type to display sd(5) for an overview of all SD commands.
· The command can only be run by superuser.
· When operating on local ACLs with a command released in the
year 2008 or later, messages previously written to are
instead written to stderr of the command. Messages describ‐
ing changed ACLs are written to stderr and to
DESCRIPTION
The command displays or modifies the Access Control Lists (ACLs) which:
· Protect the specified target_selections (hosts, software
depots or root filesystems).
· Protect the specified software_selections on each of the
specified target_selections (software depots only).
All root filesystems, software depots, and products in software depots
are protected by ACLs. The SD commands permit or prevent specific
operations based on whether the ACLs on these objects permit the opera‐
tion. The command is used to view, edit, and manage these ACLs. The
ACL must exist and the user must have the appropriate permission
(granted by the ACL itself) in order to modify it.
ACLs offer a greater degree of selectivity than standard file permis‐
sions. ACLs allow an object's owner (that is, the user who created the
object) or the local superuser to define specific read, write, or mod‐
ify permissions to a specific list of users, groups, or combinations
thereof.
Some operations allowed by ACLs are run as local superuser. Because
files are loaded and scripts are run as superuser, granting a user
write permission on a root filesystem or insert permission on a host
effectively gives that user superuser privileges.
Protected Objects
The following objects are protected by ACLs:
· Each host system on which software is being managed by SD,
· Each root filesystem on a host (including alternate roots),
· Each software depot on a host,
· Each software product contained within a depot.
Remote Operation
You can enable SD to manage software on remote systems. To let the
root user from a central SD controller (also called the central manage‐
ment server or manager node) perform operations on a remote target
(also called the host or agent):
1) Set up the root, host, and template Access Control Lists (ACLs) on
the remote machines to permit root access from the controller sys‐
tem. To do this, run the following command on each remote system:
NOTES:
· controller is the name of the central management server.
· If remote system is 11.00, make sure SD patch PHCO_22526 or a
superseding patch is installed on remote system before running
· If remote system is older than 11.00 or for some other reason
does not have in place, copy script from an 11.11 or higher
system to the remote system.
2) have enhanced GUI interfaces for remote operations. Enable the
enhanced GUIs by creating the file on the controller. Use this
command:
See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M) or
swremove(1M) for more information on interactive operations.
NOTE: You can also set up remote access by using directly on the remote
machines to grant root or non-root access to users from the controller
system.
Options
If the or option is not specified, prints the requested ACL(s) to the
standard output.
The command supports the following options:
Deletes an existing entry from the ACL associated with the spec‐
ified object(s).
For this option, the permission field of the ACL
entry is not required. You can specify multiple
options. See the heading for more information.
Read the list of
software_selections from software_file instead of
(or in addition to) the command line.
Assigns the ACL contained in
acl_file to the object. All existing entries are
removed and replaced by the entries in the file.
Only the ACL's entries are replaced; none of the
information contained in the comment portion
(lines with the prefix of an ACL listing is modi‐
fied with this option. The acl_file is usually
the edited output of a list operation.
If the replacement ACL contains no syntax errors
and the user has control permission on the ACL
(or is the local superuser), the replacement suc‐
ceeds.
Defines which level of SD ACLs to view/modify.
The supported levels of depot, host, root, and
product objects that can be protected are:
View/modify the ACL protecting the software
depot(s) identified by the
target_selections.
View/modify the ACL protecting the host system(s)
identified by the
target_selections.
View/modify the ACL protecting the root filesys‐
tem(s) identified by the
target_selections.
View/modify the ACL protecting the software prod‐
uct identified by the
software_selection. Applies only to
products in depots, not installed
products in roots.
The supported levels of templates are:
View/modify the template ACL
used to initialize the ACL(s) of future
software depot(s) or root filesystem(s)
added to the host(s) identified by the
target_selections. Additionally, can cre‐
ate templates that you can re-use to cre‐
ate new ACLs.
View/modify the template ACL
used to initialize the ACL(s) of future
software depot(s) added to the host(s)
identified by the target_selections.
View/modify the template ACL
used to initialize the ACL(s) of future
product(s) added to the software depot(s)
identified by the target_selections.
Adds a new ACL entry or changes the permissions of an existing
entry.
You can specify multiple options. See the head‐
ing for more information.
Read the list of
target_selections from file instead of (or in
addition to) the command line.
Set the session
option to value and override the default value
(or a value in an alternate option_file specified
with the option). You can specify multiple
options.
Read the session options and behaviors from
option_file.
You can specify only one of the or options at each invocation of
Operands
Most SD commands support two types of operands: followed by These oper‐
ands are separated by the "at" character. This syntax implies that the
command operates on "software selections at targets".
Software Selections
The command supports the following syntax for each software_selection:
· You can specify selections with the following shell wildcard
and pattern-matching notations:
· The software specification selects all products in the depot
when used with
The version component usually has the following form:
· The <op> (relational operator) component can take the form:
or
which performs individual comparisons on dot-separated
fields.
For example, chooses all revisions greater than or equal to
The system compares each dot-separated field to find matches.
Shell patterns are not allowed with these operators.
· The (equals) relational operator lets you specify selections
with the shell wildcard and pattern-matching notations:
For example, the expression returns any revision in version
10 or version 11.
· All version components are repeatable within a single speci‐
fication (for example, If multiple components are used, the
selection must match all components.
· Fully qualified software specs include the and version compo‐
nents even if they contain empty strings.
· No space or tab characters are allowed in a software selec‐
tion.
· The software can take the place of the version component. It
has the form:
[instance_id]
within the context of an exported catalog, where is an inte‐
ger that distinguishes versions of products and bundles with
the same tag.
Target Selections
The SD commands support this syntax for each target_selection.
A host may be specified by its host name, domain name, or Internet
address. If host is specified, the directory must be an absolute path.
To specify a relative path when no host is specified, the relative path
must start with or otherwise, the specified name is considered as a
host.
Target Selections with IPv6 Address
SD commands also support specifying the host as an IPv6 address on HP-
UX Release 11i v3, as shown below:
If both the hostname and the path are specified, then the first occur‐
rence of a slash is treated as the separator.
The IPv6 address can optionally be enclosed in a pair of square brack‐
ets and
EXTERNAL INFLUENCES
Default Options
In addition to the standard options, you can change SD behaviors and
policy options by editing the default values found in:
the system-wide default values,
the user-specific default values.
You must use the following syntax to specify values in the defaults
file:
The optional prefix denotes one of the SD commands. Using the prefix
limits the change in the default value to that command. If you leave
the prefix off, the change applies to all commands.
You can also override default values from the command line with the or
options:
The following section lists all of the keywords supported by the com‐
mand. If a default value exists, it is listed after the
The location for SD logfiles and the default par‐
ent directory for the
installed software catalog. The default
value is for normal SD operations. When
SD operates in nonprivileged mode (that
is, when the default option is set to
· The default value is forced to
· The path element is replaced with the
name of the invoking user, which SD
reads from the system password file.
· If you set the value of this option
to path, SD replaces with the invok‐
ing user's home directory (from the
system password file) and resolves
path relative to that directory. For
example, resolves to the directory in
your home directory.
· If you set the value of the default
option to a relative path, that path
is resolved relative to the value of
this option.
SD's nonprivileged mode is intended only
for managing applications that are spe‐
cially designed and packaged. You can‐
not use this mode to manage the HP-UX
operating system or patches to it. For
a full explanation of nonprivileged SD,
see the available at the web site.
See also the and options.
Defines the default location of the target depot.
Defines the directory path where the Installed
Products Database (IPD)
is stored. This information describes
installed software. When set to an
absolute path, this option defines the
location of the IPD. When this option
contains a relative path, the SD con‐
troller appends the value to the value
specified by the option to determine the
path to the IPD. For alternate roots,
this path is resolved relative to the
location of the alternate root. This
option does not affect where software is
installed, only the IPD location.
This option permits the simultaneous
installation and removal of multiple
software applications by multiple users
or multiple processes, with each appli‐
cation or group of applications using a
different IPD.
Caution: use a specific to manage a spe‐
cific application. SD does not support
multiple descriptions of the same appli‐
cation in multiple IPDs.
See also the and options, which control
SD's nonprivileged mode. (This mode is
intended only for managing applications
that are specially designed and pack‐
aged. You cannot use this mode to man‐
age the HP-UX operating system or
patches to it. For a full explanation
of nonprivileged SD, see the available
at the web site.)
Defines the level of SD ACLS to view/modify. The
supported levels
are: or
See the discussion of the option above
for more information.
Controls the time in minutes to cache and re-use
the results of hostname
or IP address resolution lookups. A
value of 0 disables the facility to
cache and re-use lookup results. The
maximum value allowed is 10080 minutes,
which is one week.
A value of:
disables the lookup caching mechanism.
is the maximum value allowed.
This option controls the exit code returned by
SD's controller commands.
This option is applicable only for a
single target operation, and ignored
when multiple targets are used.
When set to the default value of swacl
returns:
0 If there were no errors, with or
without warnings.
1 If there were errors.
When set to swacl returns :
0 If there were no warnings and no
errors.
1 If there were errors.
2 If there were warnings but no errors.
Defines the protocol sequence(s) and endpoint(s)
on which the daemon
listens and which the other commands use
to contact the daemon. If the connec‐
tion fails for one protocol sequence,
the next is attempted. SD supports both
the tcp and udp protocol sequence on
most platforms.
Relative length of the communications timeout.
This is a value in the
range from 0 to 9 and is interpreted by
the DCE RPC. Higher values mean longer
times; you may need a higher value for a
slow or busy network. Lower values will
give faster recognition on attempts to
contact hosts that are not up, or are
not running Each value is approximately
twice as long as the preceding value. A
value of 5 is about 30 seconds for the
protocol sequence. This option may not
have any noticeable impact when using
the protocol sequence.
This option controls SD's nonprivileged mode.
This option is ignored
(treated as true) when the invoking user
is super-user.
When set to the default value of true,
SD operations are performed normally,
with permissions for operations either
granted to a local super-user or set by
SD ACLs. (See swacl(1M) for details on
ACLs.)
When set to false and the invoking user
is local and is not super-user, nonpriv‐
ileged mode is invoked:
· Permissions for operations are based
on the user's file system permis‐
sions.
· SD ACLs are ignored.
· Files created by SD have the uid and
gid of the invoking user, and the
mode of created files is set accord‐
ing to the invoking user's umask.
SD's nonprivileged mode is intended only
for managing applications that are spe‐
cially designed and packaged. You can‐
not use this mode to manage the HP-UX
operating system or patches to it. For
a full explanation of nonprivileged SD,
see the available at the web site.
See also the and options.
If no target_selections are specified, select
the default of the local host as the
target_selection for the command.
Defines the default
software_selections. There is no sup‐
plied default. If there is more than
one software selection, they must be
separated by spaces.
Defines the default
target_selections. There is no supplied
default (see above). If there is more
than one target selection, they must be
separated by spaces.
Controls the verbosity of the output (stdout). A
value of:
disables output to stdout. (Error and
warning messages
are always written to stderr).
enables verbose messaging to stdout.
Environment Variables
SD programs are affected by external environment vari‐
ables, set environment variables for use by the control
scripts, and use other environment variables that affect
command behavior.
The external environment variable that affects the com‐
mand is:
Determines the language in which messages are dis‐
played.
If is not specified or is set to the
empty string, a default value of is
used. See the lang(5) man page by
typing for more information.
Note: The language in which the SD
agent and daemon log messages are
displayed is set by the system con‐
figuration variable script, For exam‐
ple, must be set to or to make the
agent and daemon log messages display
in Japanese.
Determines the locale used to override any values
for locale
categories specified by the settings
of or any environment variables
beginning with
Determines the interpretation of sequences of
bytes of text data as
characters (for example, single ver‐
sus multibyte characters in values
for vendor-defined attributes).
Determines the language in which messages are
written.
Determines the format of dates
(create_date and mod_date) when dis‐
played by Used by all utilities when
displaying dates and times in and
Determines the time zone for use when displaying
dates and times.
OPERATION
ACL Entries
Each entry in an ACL has the following form:
For example:
An ACL can contain multiple entries. See the and head‐
ings below for more information.
Entry Types
The following entry_types are supported:
Permissions for all other users and hosts that do
not
match a more specific entry in the
ACL. (Example:
Permissions for a named group.
This type of ACL entry must include
a key that identifies that group.
The format can be: or permissions.
(Example:
Permissions for an SD agent from the specified
host system.
SD agents require product level
read access via either a or entry
type in order to copy or install
products from depots. This type of
ACL entry must include a key con‐
taining a hostname or number (in
Internet dot notation) of a system
or the asterisk character to denote
all systems. (Example:
Permissions for the object's owner, whose identity
is listed in the
comment header. (Example:
Permissions for members of the object's group,
whose identity is
listed in the comment header.
(Example:
Permissions for others who are not otherwise named
by a more specific
entry type. The format for can be:
for others on the local host (only
one such entry allowed) or for oth‐
ers at remote hosts (Only one such
entry per remote host allowed).
(Example:
Permissions for a named user.
This type of ACL entry must include
a key that identifies that user.
The format for can be: or permis‐
sions. (Example:
Entries With IPv6 Addresses
IPv6 addresses in the keys within the ACL entries are not
allowed.
Permissions
Permissions are represented as the single character
abbreviations indicated below. Some permissions either
apply only to, or have different meaning for, certain
types of objects, as detailed below. The following per‐
missions may be granted:
Grants permission to read the object.
On or objects, read permission allows
operations. On products within
depots, read permission allows product
files to be installed or copied with
or
Grants permission to modify the object itself.
· On a object (for example, installed
root filesystem), this also grants
permission to modify the products
installed (contained) within it.
· On a object, it does not grant per‐
mission to modify the products con‐
tained within it. Write access on
products is required to modify
products in a depot.
· On a container, write permission
grants permission to unregister
depots. It does not grant permis‐
sion to modify the depots or roots
contained within it.
On a object, grants permission to create
(insert) a new software depot or root
filesystem object, and to register
roots and depots. On a object, grants
permission to create (insert) a new
product object into the
Grants permission to modify the ACL using
Grants permission to perform access checks and
to list the ACL.
A wildcard which grants all of the above permis‐
sions. It is expanded by
to
List Output Format
The output of a list operation is in the following for‐
mat:
entry_type:[key:]permissions
entry_type:[key:]permissions
entry_type:[key:]permissions
You can save this output into a file, modified it, then
use it as input to a modify operation (see the option
above).
Object Ownership
An owner is also associated with every SD object, as
defined by the user name, group and hostname. The owner
is the user who created the object. When using to view
an ACL, the owner is printed as a comment in the header.
Default Realm
An ACL defines a default realm for an object. The realm
is currently defined as the name of the host system on
which the object resides. When using to view an ACL, the
default realm is printed as a comment in the header.
Keys
Expressions (patterns) are not permitted in keys.
A key is required for and entry types. A key is optional
for entry types, and specifies the hostname to which the
entry applies. Only one entry type may exist without a
key, and this entry applies to users at the default realm
(host) of the ACL.
A hostname in a key is listed in its Internet address
format (dot notation) if cannot resolve the address using
the local lookup mechanism (DNS, NIS, or A hostname
within an ACL entry must be resolvable when used with the
and options. Unresolvable hostname values are accepted
in files provided with the option.
swfixrealm
The command updates the hostname information in all reg‐
istered depots, in all primary root ACL files under and
in all host ACL files under
RETURN VALUE
The command returns:
The software_selections and/or target_selections
were successfully displayed or modified.
The display/modify operation failed on
all target_selections.
The modify/modify operation failed on
some target_selections.
The command returns:
The default_realm successfully updated.
The update operation failed.
DIAGNOSTICS
The command writes to stdout, stderr, and to the daemon
logfile. The command writes to stdout, stderr, and to a
logfile at:
Standard Output
The command prints ACL information to stdout when the
user requests an ACL listing.
Standard Error
The command writes messages for all WARNING and ERROR
conditions to stderr. A report that the software_selec‐
tions do not exist is also given if the user has access
permissions to the object.
Logging
The command does not log summary events. It logs events
about each ACL which is modified to the logfile associ‐
ated with each target_selection.
swagentd Disabled
If the daemon has been disabled on the host, it can be
enabled by the host's system administrator by setting the
entry in to and executing
EXAMPLES
To list the ACLs for the and products in depot
The ACL listed to the standard output is similar to this
example ACL:
To list the product template ACL on host
To list the host ACL on the local system:
To read, edit, then replace the ACL protecting the
default depot
To allow user to create, register, and manage all new
depots and roots on the local system:
To allow user to fully manage which already exists:
To deny general access to a depot:
To allow user on host access to and all products it cur‐
rently contains:
To revoke previously granted ACL permission for user on
host to access the product in the default depot on
To deny access to the default depot on the local system
from host
To deny access to the product in the default depot on
host to all users who do not have an explicit ACL entry:
To allow user on host access to the product in the
default depot on host you must specify both a user ACL
for and a host ACL for
To revoke a user ACL for user on host that allowed access
to the product in the default depot on host
To revoke any previously issued access to the product in
the default depot on host by users on host
To deny all access to the users and for the depot at host
To delete entries for local user from all products in the
default local depot:
To update entries with new hostname using
WARNINGS
· You can edit an ACL in such a way that it will leave a
system inaccessible. Do not remove all permissions on
an ACL. (Note, however, that the local super-user can
always edit SD ACLs, regardless of permissions.)
· ACLs can grant the equivalent of local superuser per‐
mission. SD loads and runs files and scripts as supe‐
ruser. Therefore, if an SD ACL gives a user write
permission on a root filesystem or insert permission
on a host, that user has the equivalent of superuser
privileges.
· Note that is not a general purpose ACL editor. It
works only on ACLs protecting SD objects.
FILES
Contains the user-specific default values for some or all
SD options.
Contains the master list of current SD options (with
their default values).
The directory which contains all of the configurable
(and non-configurable) data for SD. This direc‐
tory is also the default location of logfiles.
Contains the active system-wide default values for some
or all SD options.
The Installed Products Database (IPD), a catalog of all
products
installed on a system.
The directory which contains ACLs for the system itself,
template ACLS,
and the secrets file used to authenticate remote
requests.
The default location of a source and target software
depot.
AUTHOR
and were developed by the Hewlett-Packard Company.
SEE ALSOinstall-sd(1M), swagentd(1M), swask(1M), swconfig(1M),
swcopy(1M), swinstall(1M), swjob(1M), swlist(1M), swmod‐
ify(1M), swpackage(1M), swreg(1M), swremove(1M), swver‐
ify(1M), sd(4), swpackage(4), sd(5).
available at
SD customer web site at
swacl(1M)