swacl.1m (2012 03)

swacl(1M) swacl(1M)

To delete entries for local user

rick from all products in the default local depot:

swacl -l product -D user:rick \*

To update entries with new hostname ruby

using swfixrealm

swfixrealm ruby

WARNINGS

• You can edit an ACL in such a way that it will leave a system inaccessible. Do not remove all

con-

trol permissions on an ACL. (Note, however, that the local super-user can always edit SD ACLs,

regardless of permissions.)

• ACLs can grant the equivalent of local superuser permission. SD loads and runs ﬁles and scripts as

superuser. Therefore, if an SD ACL gives a user write permission on a root ﬁlesystem or insert per-

mission on a host, that user has the equivalent of superuser privileges.

• Note that

swacl is not a general purpose ACL editor. It works only on ACLs protecting SD objects.

FILES

$HOME/.swdefaults

Contains the user-speciﬁc default values for some or all SD options.

/usr/lib/sw/sys.defaults

Contains the master list of current SD options (with their default values).

/var/adm/sw/

The directory which contains all of the conﬁgurable (and non-conﬁgurable) data for SD. This direc-

tory is also the default location of logﬁles.

/var/adm/sw/defaults

Contains the active system-wide default values for some or all SD options.

/var/adm/sw/products/

The Installed Products Database (IPD), a catalog of all products installed on a system.

/var/adm/sw/security/

The directory which contains ACLs for the system itself, template ACLS, and the secrets ﬁle used to

authenticate remote requests.

/var/spool/sw/

The default location of a source and target software depot.

AUTHOR

swacl and swfixrealm were developed by the Hewlett-Packard Company.