Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Software Distributor Administration Guide: HP-UX 11i v1, 11i v2, and 11i v3 > Chapter 12 Nonprivileged SD

Setting Up Nonprivileged Mode
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Nonprivileged SD is controlled by two options:

  • admin_directory

  • run_as_superuser

The run_as_superuser option turns nonprivileged mode on or off and is all that is necessary to run the default configuration. (See “Turning On Nonprivileged Mode” and “Default Configuration”.)

The admin_directory option lets you set up an alternative configuration. (See “Alternative Configuration”.)

Packaging Software for Use in Nonprivileged Mode

In addition to these options, software applications to be used under nonprivileged mode have special packaging requirements.

For nonprivileged mode to function:

  • You must package applications and install them so that the files are installed in locations writable by the user who will install the applications. This can be done by:

    • Using the directory keyword in the PSF during packaging

    • By appending a location to the software specifications when you invoke a command from the command line. (See “Software Selections”.)

  • Scripts packaged into the application must be designed not to require super-user privilege.

Turning On Nonprivileged Mode

SD functions in nonprivileged mode only when the run_as_superuser option is set to false and the invoking user is not super-user.

This option applies to all SD-UX commands except swagent, swagentd, swjob, and install-sd. When you set this option to false, any command to which it applies will run in nonprivileged mode. For example:

  • Including -x run_as_superuser=false on the command line invokes nonprivileged mode for that command only.

  • Including -x run_as_superuser=false in your $HOME/.swdefaults directory invokes nonprivileged mode for any or all SD-UX commands that you run.

  • Including -x run_as_superuser=false in /var/adm/sw/defaults invokes nonprivileged mode for all SD-UX commands on the system.

See Appendix A for complete information on using these options.

NOTE: This option is ignored (treated as true) when the invoking user is super-user.

How Nonprivileged Mode Changes SD-UX Behavior

When the run_as_superuser option is set to the default value of true, SD-UX operations are performed normally, with permissions for operations either granted to a local super-user or set by SD ACLs. (See Chapter 9: “SD-UX Security ” for details on ACLs.)

When run_as_superuser is set to false and the invoking user is local and is not super-user, nonprivileged mode is invoked:

  • Permissions for operations are based on the user’s file system permissions.

  • SD ACLs are ignored.

  • Files created by SD have the uid and gid of the invoking user, and the mode of created files is set according to the invoking user’s umask.



Overview
  		 


Default Configuration  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1997, 2000-2003, 2006, 2007, 2008 Hewlett-Packard Development Company, L.P.