Thinklogical Secure Console Server Manual User Manual

Page 47


Secure Console Server Manual, Rev. K, July, 2013


7.9.1 User Port Control

The SCS can use NIS to control which user can access a port on the SCS. To use this
feature, a database must be created on the NIS server. The following files are needed to set
up the port access database:

lsi_port_access           Port Access Permission Definition file
lsi_port_user             Port Access User Definition file
lsi_port_awk              Port Access AWK file (required for the Make file)
Makefilenis.portAccess    Make file used to build the LSI database

7.9.2 NIS Port Access

The file lsi_port_access contains the port permissions for connect, monitor and clear and
is referenced by a group. Users may define as many groups as needed. The following example,
where perm = permission, illustrates how the group file is constructed:

group name:console server name:connect perm:monitor perm:clear perm

where:

group name is the name of the user’s group

console server name is the SCS’s hostname

connect perm are the ports that a group can connect to

monitor perm are the ports that a group can monitor

clear perm are the ports that a group is allowed to clear

For example:

pbxgrp:tvscs320:1,2-6,13:5-9:1-7

itgrp:tvscs160:8-16:7:1,3,5,7-11

The above example shows two groups, pbxgrp and itgrp, that are allowed to access ports on a
Secure Console Server.

The first group, pbxgrp, can access an SCS with the hostname of tvscs320. The group can
connect to ports 1, 2, 3, 4, 5, 6 and 13. It can monitor ports 5, 6, 7, 8 and 9. This group is
allowed to clear ports 1, 2, 3, 4, 5, 6 and 7.

The second group, itgrp, can access the SCS with a hostname of tvscs160. This group can
connect to ports 8, 9, 10, 11, 12, 13, 14, 15 and 16. It can monitor port 7, and can clear ports 1, 3,
5, 7, 8, 9, 10 and 11.

LSI Port Access Permission file

Port access permissions for the user-defined group names* are defined below.

Permissions can be any or all of the following forms:

decimal value
decimal range using a dash (-) as the range indicator
a comma (,) used to separate digits and/or ranges
a colon (:) used as the field separator, as in:

group name:console server name:connect perm:monitor perm:clear perm

* user_group1:scs160_milford:1-16:1-3,5,8,16:0

* user_group2:scs320_boston:1-6:12,15:3-7
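
One way to audit an lsi_port_access file before building the NIS database, as an added example that is not part of the Thinklogical manual or its tooling: the Python below expands each permission field and answers per-port checks with default deny. The function names are hypothetical, and rejecting malformed or reversed ranges is an assumption, since the manual does not say how the SCS treats them or what a value of 0 means.

```python
import re

ACTIONS = ("connect", "monitor", "clear")        # field order from the manual
_TOKEN = re.compile(r"^(\d+)(?:-(\d+))?$")       # decimal value or decimal range

def expand_ports(spec):
    """Expand a permission field such as '1,2-6,13' into a set of ints."""
    ports = set()
    for token in spec.split(","):
        m = _TOKEN.match(token.strip())
        if not m:
            raise ValueError(f"bad permission token: {token!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:                               # assumption: treat as an error
            raise ValueError(f"reversed range: {token!r}")
        ports.update(range(lo, hi + 1))
    return ports

def parse_port_access(text):
    """Return {(group, scs_hostname): {action: set_of_ports}}."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        group, host = fields[0], fields[1]
        table[(group, host)] = {a: expand_ports(f) for a, f in zip(ACTIONS, fields[2:])}
    return table

def is_allowed(table, group, host, action, port):
    """Default deny: an unknown group, host or action grants nothing."""
    return port in table.get((group, host), {}).get(action, set())

# The two example entries from the manual text above.
SAMPLE = """\
pbxgrp:tvscs320:1,2-6,13:5-9:1-7
itgrp:tvscs160:8-16:7:1,3,5,7-11
"""

if __name__ == "__main__":
    acl = parse_port_access(SAMPLE)
    for (group, host), perms in acl.items():
        for action in ACTIONS:
            print(group, host, action, sorted(perms[action]))
```

Reviewing the expanded sets makes overly broad grants visible, such as a group that can clear ports it cannot connect to.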
