If you use UNIX log ins, e.g., root and ia, they are different owners. So you can set things up for special programs like omset pretty easily by simply restricting execution to the owner of the program - root. It can get lots more complex if you want. As a rule, each user does have a separate home directory and a shell that executes on log in. The administrator can do a variety of things, e.g., run the restricted shell or change the path to limit the tools that are accessible. Just be aware that programs that access the OM must have root permissions since the Shared Memory segment that the OM uses is restricted to root access. You can get that for non-root users, but setting the 'set-uid' bit using chmod to give any user root access to specific programs (sort of the reverse of the original request). Regards, =20 Alex Johnson Invensys Systems, Inc. 10900 Equity Drive Houston, TX 77041 713.329.8472 (voice) 713.329.1700 (fax) 713.329.1600 (switchboard) alex.johnson@xxxxxxxxxxxxxxxx -----Original Message----- From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of brad.s.wilson@xxxxxxxxxxxxxx Sent: Tuesday, September 12, 2006 7:49 AM To: foxboro@xxxxxxxxxxxxx Subject: Re: [foxboro] Protecting control based upon user ID I haven't done too much UNIX admin stuff, but since UNIX only allows for 3 access levels (user/owner, group and other), how would one set up more than 3 levels of access ? Would each ID would have their own home directory structure with the programs they're allowed to run in their home area, and set up the other directories to be off-limits ? Brad Wilson Process Control Engineer ExxonMobil Chemical Co Edison Synthetics Plant 732-321-6115 732-321-6177 fax Brad.S.Wilson@xxxxxxxxxxxxxx =20 "Johnson, Alex P \(IPS\)" <alex.johnson@ To=20 ips.invensys.c <foxboro@xxxxxxxxxxxxx> om> cc=20 Sent by: foxboro-bounce Subject=20 @freelists.org Re: [foxboro] Protecting control based upon user ID =20 09/12/06 08:05 AM =20 =20 Please respond to foxboro@freeli sts.org =20 =20 You can use chmod to make omset usable only by the user root. You would enable the execution by the owner and disable by people in the group or other. Does that make sense? Type 'man chmod' to set the flags. AJ -----Original Message----- From: foxboro-bounce@xxxxxxxxxxxxx on behalf of stan Sent: Tue 9/12/2006 7:12 AM To: Foxboro List Subject: [foxboro] Protecting control based upon user ID I need to be able to disable omset for users based upon who they log in as (UNIX user ID). I've got situations (both Foxview and DM) where I want the user (either logged in locally or using a X client) to log in as root, and have control. if however, they log in as user ia, I don't want them to be able to get omset enabled. Is this possible? If so, how can I accomplish this? -- Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Djoin to unsubscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Dleave -- No attachments (even text) are allowed -- -- Type: application/ms-tnef -- File: winmail.dat _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Djoin to unsubscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Dleave =20 =20 _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html =20 foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Djoin to unsubscribe: = mailto:foxboro-request@xxxxxxxxxxxxx?subject=3Dleave =20 _______________________________________________________________________ This mailing list is neither sponsored nor endorsed by Invensys Process Systems (formerly The Foxboro Company). Use the info you obtain here at your own risks. Read http://www.thecassandraproject.org/disclaimer.html foxboro mailing list: //www.freelists.org/list/foxboro to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave