Restrict 3000 access, link web console, UPS
September 30, 2010
Is there a way to restrict access to only a certain user within an account? For example, I would only like user OPERATOR.AIS to have access to everything in the FILES.AIS group and account. There are users within this account that have AL and or GL access.
Gilles Schipper replies:
If you wish to restrict the group FILES to be able to be accessed by only the user OPERATOR, do the following:
:ALTGROUP FILES;ACCESS=(R,L,X,W,A,S:GL)
:ALTUSER OPERATOR;HOME=FILES;CAP=+GL
This will restrict any kind of access to files within the FILES group to only the user OPERATOR, with the following possible exceptions:
1. Any user in that account that has AM capability cannot be denied access to files in that group.
2. If any other user in the account has its home group as FILES -- AND also has GL capability -- then that user will also have access to the files in the FILES group.
Gilles Schipper replies:
If you wish to restrict the group FILES to be able to be accessed by only the user OPERATOR, do the following:
:ALTGROUP FILES;ACCESS=(R,L,X,W,A,S:GL)
:ALTUSER OPERATOR;HOME=FILES;CAP=+GL
This will restrict any kind of access to files within the FILES group to only the user OPERATOR, with the following possible exceptions:
1. Any user in that account that has AM capability cannot be denied access to files in that group.
2. If any other user in the account has its home group as FILES -- AND also has GL capability -- then that user will also have access to the files in the FILES group.
So, in the specific example you cite
, you only need to ensure that any other user that has GL capability does not also have FILES as the home group. (Of course, as stated previously, you cannot deny access to any user in the account that possesses AM capability).Possessing AL capability does not provide access, since, as shown in the above ALTGROUP command, all forms of access are given ONLY to users with GL capability. And GL capability is negated for all users that log in to other than their HOME groups.
To repeat -- this technique allows you the proper file access restrictions WITHOUT the nuisance of group passwords, because if any user in the account (other than an AM user) logs in to this group (and does not have FILES as the home group or lacks GL capability) that user will be denied access to all files in the FILES group.
Can I make a Web Console work with my 959? The 959 has a DB-25 remote console socket, rather than the 9-pin of the N-Class.
Mark Ranft replies:
With the correct cable, the Web Console should definitely work on the 959. I had it working on a 989. I am not sure why you would compare the 959 to the N-Class. Anyone using Web Console on the N-Class should switch to using the GSP console.
For a better, more reliable, faster, more fully featured console on pre-GSP systems, I have set up remote console via DTC, using back-to-back DTC switching. It is very nice.
Craig Lalley adds:
Just use the 25-pin connector that is currently connected to the system console.
I have a system that I need to set up a UPS and Monitor/iX software. Is there a quick method to configuring and setting up the background job?
Gilles Schipper replies:
You'll need a straight-through 9pin-9pin serial cable attached from the N4000 UPS port to your UPS serial port.
You should already have the UPSUTIL.MPEXL.TELESUP software that you need to configure the UPS monitor.
The UPSUTIL manual, which is really pretty straightforward, is available at:
http://docs.hp.com/en/14249/upsutil.pdf
I am having an issue getting write access to the N-Class console after getting successfully connected. I have tried BREAK, and get the response [Read only - use ^Ecf for console write access.]
Craig Lalley replies:
The "^" stands for the control key.
So with three fingers Control-Shift-E take your fingers off and type 'c' then 'f' -- then hit return