System administration, 3 nis port access – Logical Solutions Secure Console Servers SCS-R User Manual

System Administration

SCS160 / SCS320 / SCS480

Page 62

www.thinklogical.com

SCS160R / SCS320R

7.9.3 NIS Port Access

The file

lsi_port_access

contains the port permissions for connect, monitor

and clear. It is referenced by a group; you may define any number of groups you need.
The following example will illustrate how the group file is constructed.

group name : console server name : connect perm : monitor perm : clear perm

where:

group name

is the name of the user’s group

console server name

is the SCS’s hostname

connect perm

port that a group can connect with

monitor perm

ports that a group can monitor

clear perm

ports that a group are allowed to clear

For example:

pbxgrp : tvscs320 : 1,2-6,13 : 5-9 : 1,7
itgrp : tvscs160 : 8-16 : 7 : 1,3,5,7-11

The above example shows two groups (

pbxgrp

and

itgrp

) that are allowed to

access port on a secure console server.

The first group, pbxgrp, can access an SCS with the hostname of tvscs320. The

group can connect to ports 1,2,3,4,5,6 and 13. It can monitor ports 5,6,7,8 and 9. This
group is allowed to clear ports 1,2,3,4,5,6 and 7.

The second group, itgrp, can access the SCS with a hostname of tvscs160. This

group can connect to ports 8,9,10,11,12,13,14, 15 and 16. It can monitor port 7, and
can clear ports 1,3,5,7,8,9,10 and 11.

# LSI Port Access Permission file...
# Port Access Permission for the user defined group name(s) are defined below
# Permissions can be any or all of the forms:
# - decimal value
# - decimal range using a dash (-) as the range indicator
# - a comma (,) is used to separate digits and/or ranges
# - a colon (:) is used as the field separator.
#
# group name : console server name : connect perm : monitor perm : clear perm

user_group1 : scs160_milford : 1-16 : 1-3,5,8,16 : 0
user_group2 : scs320_boston : 1-6 : 12,15 : 3-7