Hi Dayle, hi Janet!
>>>>> "Dayle" == Dayle Kotturi <[email protected]> writes:
> Hi Ralph,
> Thanks for your help. You were right.
> As you can see [...]
Bingo!
So it was a good guess. (And: Thanks, Janet, for good error messages...)
> Now, I just need to dream up a solution...
> I think this means running alh as a "special user" who has the
> privilege to write to all the dbs, and then write a script to change
> from the shiftleader account to the "special user", all transparent
> to the shifter.
> (...several hours later...)
> But the use of a "special user" to run the alh still has a problem to
> solve in that the shifter will be popping up dm panels via the 'P'
> buttons as "special user" and would be able to press buttons which are
> normally forbidden (to shifter account). It's like now I need to separate the
> rules to write to ACKT from the rules to write to the other fields...
No. Don't do that. You will mess up your EPICS base installation, always
have to re-patch these things when switching to a new version of base,
get nasty answers on tech talk that you are on your own since you
started screwing around with base ... all the good things.
I even find the "special user" approach in this case too complicated and
too painful to maintain.
Why not:
  o Leave the existing user and stuff as it is.
  o Leave the existing Gateway as it is.
  o Run a second Gateway on the gateway host that allows write access for
    the user/host that the alh runs under. This second Gateway runs using
    a non-standard CA server port. Since this will be used by alh only,
    the configuration could be simple.
  o The alh processes are started from a wrapper script with a special
    setting of EPICS_CA_ADDR_LIST that makes them use the special
    alh-Gateway which allows acknowledging alarms and writing the ACKT
    fields.
  o The "P" entries that start dm panels from alh are resetting the
    EPICS_CA_ADDR_LIST to the standard value (i.e. unsetting it?). This
    can be done either directly in the alh config or by another wrapper
    script. Thus the panels use the normal Gateway with restricted
    access.
  o Anyone who is starting dm panels manually will get the usual setting
    with the restricted access. You would have to know the special port
    number and set EPICS_CA_ADDR_LIST accordingly to be able to start
    panels with write access. So for a trusted system ... this is still
    bad, but not grossly negligent.
I would prefer generic script wrappers to change the settings, since
these are easy to maintain: changes are done in one place - without a
need to restart the alh processes.
Hope this helps,
Ralph
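
The two wrappers described in the message above, sketched as an added example that is not part of the original post or of alh. The host name, the port 5066, the ALH_STD_* and ALH_GW_ACTIVE names, and the choice to select the port through EPICS_CA_SERVER_PORT with EPICS_CA_AUTO_ADDR_LIST=NO are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Host and port below are constructed placeholders.
ALH_GW_HOST="gateway.example"   # assumption: host running both Gateways
ALH_GW_PORT="5066"              # assumption: non-standard CA port of the alh-only Gateway
CA_VARS="EPICS_CA_ADDR_LIST EPICS_CA_AUTO_ADDR_LIST EPICS_CA_SERVER_PORT"

# Remember one standard CA variable as ALH_STD_<name>, keeping "unset" distinct
# from "empty". $1 is always a fixed name from CA_VARS, never user input.
_save() {
    eval "if [ \"\${$1+set}\" = set ]; then ALH_STD_$1=\$$1; export ALH_STD_$1
          else unset ALH_STD_$1; fi"
}

# Put back what _save remembered (or unset the variable) and drop the copy.
_restore() {
    eval "if [ \"\${ALH_STD_$1+set}\" = set ]; then $1=\$ALH_STD_$1; export $1
          else unset $1; fi; unset ALH_STD_$1"
}

# Point the current shell at the alh-only Gateway (no-op if already done,
# so the saved standard values are never overwritten).
use_alh_gateway() {
    [ "${ALH_GW_ACTIVE-}" = 1 ] && return 0
    for v in $CA_VARS; do _save "$v"; done
    EPICS_CA_ADDR_LIST=$ALH_GW_HOST
    EPICS_CA_AUTO_ADDR_LIST=NO        # search only the listed Gateway
    EPICS_CA_SERVER_PORT=$ALH_GW_PORT
    ALH_GW_ACTIVE=1
    export $CA_VARS ALH_GW_ACTIVE
}

# Return to the site's standard (restricted) CA settings. Does nothing when
# not started from the alh wrapper, so a manual panel start is unchanged.
use_standard_ca() {
    [ "${ALH_GW_ACTIVE-}" = 1 ] || return 0
    for v in $CA_VARS; do _restore "$v"; done
    unset ALH_GW_ACTIVE
}

# Wrapper for starting alh:        run_alh alh <config file>
run_alh()   { ( use_alh_gateway; exec "$@" ); }

# Wrapper for alh "P" entries:     run_panel <display manager> <panel file>
run_panel() { ( use_standard_ca; exec "$@" ); }
```

Both wrappers change the environment only inside a subshell, so the gateway host and port can be edited in one place without touching the shifter's login environment.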