Project

General

Profile

Safety System

Application access

Application access may be granted from a system administrator in the Controls Department.

Access to Safety System applications is achieved by asking adeshtux to forward an XWindow to your local computer via ssh. This is handled through a single user, mcr. The mcr user has restricted access via .k5login. The mcr does not get a shell. A bash script is run on login that first runs kdestroy to prevent any tickets being shared on that user. The script then matches on the keyword set page, history, radmon, and apeman. If the argument doesn't match any of these cases it will tell the user what is acceptable and exit. That same keyword set prepended with /esh/bin/ is also acceptable to prevent breaking any existing systems.