Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: X-terminals & EPICS security
From: lange@bii.bessy.de (Ralph Lange)
To: nda@aps.anl.gov (Ned D. Arnold)
Cc: tech-talk@aps.anl.gov (EPICS Tech-Talk)
Date: Thu, 21 Jan 1999 17:54:23 +0100 (MET)
> > Is there a way I can configure the access security configuration file to use
> > the names/IP address of the individual X-terminals ?
> 
> No.  I was told <since Channel Access Security was born> that to implement this
> feature would make it difficult to port to other operating systems. I was
> encouraged to do this with "prudent system administration" rather than 
> channel access security. I never figured out how to do that either.

Based on the experiences with X-terminals using the "old" (i.e. pre-EPICS)
BESSY I control system I would start thinking in the following direction:

 o Create (additional) different special OPI user accounts for the
   different X-terminals (or security relevant groups of X-terminals) on
   your mainframe.
 o There must be a script-like thing that runs the X-session for the
   generic OPI user (this heavily depends on your system). Insert something
   at the beginning that evaluates $DISPLAY and execs a "su" login shell
   for the appropriate terminal-dependent special OPI user which then
   starts the X-session for the special user.
 o Start all the special OPI users' interactive login shells with calling
   exit if $DISPLAY is not set correctly.
 o Be careful about file permissions. In order to share files between
   different OPI users/X-terminals you might have to create a new group
   for all the special OPI users and set the umask to make everything group 
   writable.
 o Configure your CA Security to work by user instead of by host.

This is just a first thought. I don't claim this to be elegant at all.
Or even working.

Ralph
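
The DISPLAY-based account switch outlined in the list above could be sketched as follows. This is an added example, not part of the original message: the terminal names, account names and ~/.xsession are constructed, and it assumes the generic OPI user is permitted to su to the special accounts.

```shell
#!/bin/sh
# Added example. Terminal names, account names and ~/.xsession are constructed.

# Map an X display ("host:N[.M]") to its special OPI account.
# Returns 1 for unset, local (":0") or unexpected DISPLAY values.
opi_user_for_display() {
    case "$1" in
        ''|:*|*[!A-Za-z0-9.:-]*) return 1 ;;   # unset, local, odd characters
        *:*) ;;                                 # must carry a display number
        *) return 1 ;;
    esac
    case "${1%%:*}" in                          # host part before the colon
        xterm-cr1|xterm-cr2) echo opi-control ;;
        xterm-lab*)          echo opi-lab ;;
        *)                   return 1 ;;
    esac
}

# Bullet 2: call first in the generic OPI user's X-session script.
switch_to_terminal_user() {
    user=$(opi_user_for_display "${DISPLAY:-}") || {
        echo "no OPI account for DISPLAY='${DISPLAY:-}'" >&2
        return 1
    }
    # DISPLAY passed the character check above, so it can be embedded here.
    exec su - "$user" -c "DISPLAY=$DISPLAY; export DISPLAY; exec \"\$HOME/.xsession\""
}

# Bullet 3: true only if DISPLAY maps to the account named in $1.
display_allowed_for() {
    [ -n "$1" ] && [ "$(opi_user_for_display "${DISPLAY:-}")" = "$1" ]
}

# Bullets 3 and 4, in each special user's login profile:
#   display_allowed_for "$(id -un)" || exit 1
#   umask 002    # group-writable files for the shared OPI group
```

The check is only as reliable as the session script's control over $DISPLAY, so the special accounts should not be reachable by any login path that lets the user set it.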

ANJ, 10 Aug 2010