Re: [foxboro] Foxboro I/A OPC - Security

  • From: "Lieven Taleman" <lieven.taleman@xxxxxxxxx>
  • To: <foxboro@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 16:36:24 +0200

Hi Andreas,

One of the main security issues is the ability to determine which action a
certain user can take based on his profile.
If we let them all work under the root account in an open shell, there is a
high risk that someone can accidentally execute a command that destabilizes
the system.

A nice and easy feature is the use of the sudo program. With this, you can
define which commands can be executed and by whom.

A Foxboro I/A system can be split up into directory paths with different
tasks. One of the main tasks is file management.

E.g. /opt/disp, /opt/menus, /opt/overlays contain all your display files.
If you now create a small copy/move/delete script that only allows work
under these directories, you create the certainty that system files cannot
be modified or removed. (PS: Make sure that the regular user cannot modify
this type of script!) A better solution is using a graphical file
explorer that limits the accessible directories.


Greetings,

Lieven Taleman
B.V.B.A Talsoft - Belgium
lieven.taleman@xxxxxxxxxx
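
The restricted copy/move/delete script described in the message above, sketched as an added example that is not part of the original post and not Foxboro code. It assumes a POSIX shell; the install path and the group name in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Install root-owned and not
# writable by regular users, e.g. as /usr/local/bin/dispfile (hypothetical
# path), with a sudoers rule such as (group name "dispeng" is hypothetical):
#   %dispeng ALL = (root) /usr/local/bin/dispfile
ALLOWED_DIRS="/opt/disp /opt/menus /opt/overlays"  # trees named in the post

# Print the path with its parent directory physically resolved, so that
# ".." components and symlinked directories cannot escape the allowed trees.
canon() {
    dir=$(dirname -- "$1") || return 1
    base=$(basename -- "$1") || return 1
    case $base in .|..|/) return 1 ;; esac
    real=$(cd -P -- "$dir" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${real%/}" "$base"
}

# Succeed only for a path strictly inside an allowed tree whose last
# component is not a symlink (cp as root would read or write through it).
is_allowed() {
    p=$(canon "$1") || return 1
    if [ -L "$p" ]; then return 1; fi
    for d in $ALLOWED_DIRS; do
        case $p in "$d"/*) return 0 ;; esac
    done
    return 1
}

# dispfile copy SRC DST | move SRC DST | delete FILE...
# Returns 64 on a usage error, 2 when any path is outside the allowed trees.
dispfile() {
    [ "$#" -ge 2 ] || { echo "usage: dispfile copy|move|delete PATH..." >&2; return 64; }
    op=$1; shift
    for arg in "$@"; do
        is_allowed "$arg" || { echo "dispfile: refused: $arg" >&2; return 2; }
    done
    case $op in
        copy)   [ "$#" -eq 2 ] || return 64; cp -- "$1" "$2" ;;
        move)   [ "$#" -eq 2 ] || return 64; mv -- "$1" "$2" ;;
        delete) rm -- "$@" ;;
        *)      return 64 ;;
    esac
}

if [ "$#" -gt 0 ]; then dispfile "$@"; fi
```

The path check and the file operation are separate steps, so the wrapper is only as strong as the directory permissions: if regular users can also write into these trees directly, they can swap in a symlink between the check and the copy.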


-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx
[mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Johnson, Alex P (IPS)
Sent: Friday, 19 May 2006 21:38
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Foxboro I/A OPC - Security


In general, anything that accesses the OM needs root permissions. You can
grant any program root permissions by using the chmod command:
chmod +4000 <pgmName>

The application could then be run by someone other than root as if root had
run it.

Other issues running as a different user tend to boil down to directory
access permissions.

Hope this helps.


Regards,

Alex Johnson
Invensys Systems, Inc.
10900 Equity Drive
Houston, TX 77041
713.329.8472 (voice)
713.329.1700 (fax)
713.329.1600 (switchboard)
alex.johnson@xxxxxxxxxxxxxxxx

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Weiss, Andreas
Sent: Saturday, March 11, 2006 7:36 AM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Foxboro I/A OPC - Security

> A software guy loves to work under full access (say root)
> because then he
> does not have to worry about "permission denied" issues.

Hi,

Which I/A series applications on a Solaris box can run under another
account than root?

Has anyone experience in this field, for example building displays under a
normal user account (that is, a non-root account)?


Greetings,
Andreas


_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html

foxboro mailing list:             //www.freelists.org/list/foxboro
to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave




