Feature #9066

Secure Wiener write-access with new community name

Added by Glenn Horton-Smith about 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: High
Category: slow monitoring and control
Start date: 06/05/2015
Due date: 06/12/2015
% Done: 100%
Estimated time: 2.00 h
Spent time:
Duration: 8

Description

The new community name for write-access should be read from a file that only the uboonesmc account can read.

Details:
The variable definition string in the dbLoadRecords lines in the Wiener "st.cmd" file can have the form
"var1=value,var2=value,...,COMMUNITY=${COMMUNITY},..."

The COMMUNITY EPICS environment variable can be set from an epicsEnvSet command in the special file that only the uboonesmc account can read, which would be included in the same way "envPaths" is read in the current st.cmd file. The special file with the community name should never be committed to git, and should be kept in a separate directory.

Additionally, with the new organization of the .db files into separate files for input and output channels, we can easily make it so that all the read access is done using the "public" community, and only when values are changed would the write-access community name be used.

The structure described above can be implemented immediately. Actually changing the name will require some configuration of the Wieners.
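A pre-flight check for the layout described above, as an added example that is not part of the original issue or the project's code. It verifies that the secrets file is private to its owner, lives outside any git work tree, and that st.cmd only ever references `${COMMUNITY}` rather than carrying a literal value; the file paths and the owner name passed in are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before starting the IOC.
# Paths and the account name are supplied by the caller (assumptions).

# True if $1 is a regular file (not a symlink) with no group/other bits set.
secret_mode_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if $1 is owned by account $2.
secret_owner_ok() {
    [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ]
}

# True if the directory holding $1 is outside any git work tree.
# (If git is not installed, this check passes.)
outside_git() {
    ! git -C "$(dirname "$1")" rev-parse --is-inside-work-tree >/dev/null 2>&1
}

# True if st.cmd ($1) never sets COMMUNITY itself and every COMMUNITY=
# is the macro reference ${COMMUNITY} or $(COMMUNITY). Comment lines are
# checked too, since st.cmd is committed and a commented-out value leaks.
stcmd_has_no_literal() {
    if grep -q 'epicsEnvSet.*COMMUNITY' "$1"; then return 1; fi
    if sed -e 's/COMMUNITY=\${COMMUNITY}//g' \
           -e 's/COMMUNITY=\$(COMMUNITY)//g' "$1" \
        | grep -q 'COMMUNITY='; then return 1; fi
    return 0
}

# usage: preflight SECRETS_FILE ST_CMD OWNER
preflight() {
    secret_mode_ok "$1" || { echo "FAIL: $1 is not owner-only" >&2; return 1; }
    secret_owner_ok "$1" "$3" || { echo "FAIL: $1 not owned by $3" >&2; return 1; }
    outside_git "$1" || { echo "FAIL: $1 is inside a git work tree" >&2; return 1; }
    stcmd_has_no_literal "$2" || { echo "FAIL: literal community in $2" >&2; return 1; }
    echo "OK"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Running it from the IOC start wrapper with the three arguments makes a misplaced or over-permissive secrets file stop the start instead of going unnoticed.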

History

#1 Updated by Glenn Horton-Smith about 4 years ago

  • % Done changed from 0 to 30

Alternative Wiener IOC EPICS-startup script is ready for testing. We need a quiet time when we can do this without confusion.

#2 Updated by Glenn Horton-Smith about 4 years ago

  • Status changed from New to Accepted

#3 Updated by Glenn Horton-Smith almost 4 years ago

  • Status changed from Accepted to Closed
  • % Done changed from 30 to 100

The new approach has been in place for a while and working successfully. Catching up on old issues.


