It's a dmcmd script, in /usr/fox/sys. I'm not at the system right now, but
I think we look at the LOGNAME and/or USER environment variables. I'm sure
there are lots of other ways.
Savvy readers will probably notice that there are opportunities aplenty for
abuse here. A remote user who can build displays can effectively override
any OM access controls you put in the environment scripts, and can even
give themselves shells. Fortunately, our graphics builders all either sit
at the console or are authorized for write access. We also try to limit
exposure by using OpenSSH to start up and "tunnel" the DM sessions, and we
limit the read-only users to only running a DM - no user port forwarding,
no other commands, no shells, file transfer, etc.
Corey Clingo
BASF
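
The OpenSSH restriction described in the message above (view-only users may start a DM and nothing else) can be checked mechanically. This is an added example, not part of the original post or the poster's site scripts: a Python audit of `authorized_keys` entries for view-only accounts. The key lines and the `/opt/site/start_dm_viewonly` path are constructed, and it is an assumption that the limits are set as per-key options and that the DM tunnel is X11 forwarding (so X11 is not flagged).

```python
# Added example: audit authorized_keys lines for accounts meant to be view-only.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with one of these has no options

def split_unquoted(text, seps):
    """Split on separator characters outside double quotes (\\" is an escaped quote)."""
    parts, buf, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        prev = ch
    return parts + [buf]

def parse_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    first = split_unquoted(line.strip(), " \t")[0]
    if first.startswith(KEY_TYPES):
        return {}
    opts = {}
    for item in split_unquoted(first, ","):
        name, _, value = item.partition("=")
        opts[name.lower()] = value[1:-1] if value.startswith('"') else value
    return opts

def audit(line):
    """Findings for a key that should only ever start the DM (empty list = OK)."""
    opts, findings = parse_options(line), []
    if not opts.get("command"):
        findings.append("no forced command: shell, scp and sftp are reachable")
    for feature in ("port-forwarding", "agent-forwarding", "pty"):
        denied = "restrict" in opts or "no-" + feature in opts
        if feature in opts or not denied:  # a bare name re-enables it after restrict
            findings.append(feature + " not denied")
    return findings

# Constructed sample entries; the command path and key blobs are hypothetical.
SAMPLE = [
    'command="/opt/site/start_dm_viewonly",no-port-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed viewer1',
    'restrict,X11-forwarding,command="/opt/site/start_dm_viewonly \\"ro, remote\\"" ssh-ed25519 AAAAconstructed viewer2',
    'ssh-rsa AAAAconstructed viewer3',
    'command="/opt/site/start_dm_viewonly",restrict,port-forwarding ssh-rsa AAAAconstructed viewer4',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry.split()[-1], audit(entry) or "OK")
```
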
stan <stanb@xxxxxxxxx>
Sent by: foxboro-bounce@freelists.org
08/28/2003 06:10 AM
Please respond to foxboro

To: foxboro
cc:
Subject: Re: [foxboro] DM/Foxview "view only" configuration question

On Wed, Aug 27, 2003 at 02:03:50PM -0500, Corey R Clingo wrote:
>
> We're doing something like this, though not with VNC. The remote sessions
> that have full access come in under a different user ID (i.e., not "ia").
> We have some code in the Change_Env script that checks for what ID the DM
> was invoked under, and sets or revokes access (enables/disables omsets)
> accordingly (our dmcfg by default denies everything for the non-default
> DMs). If you run VNC as a non-root user, you could do something similar.
>
That's exactly what I want to do!
Where is this Change_Env script? Is it a shell script or a dmcmd script? If
the latter, how can I access the user (who is running the script) from within
dmcmd?
Thanks!
--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: http://www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________