 |  |
Exit,"
"Map Refresh," "Fault Alarms,"
etc.). Create a new profile for this account in the directory
$OV_REGISTRATION/skel by copying all the files
in the default profile $OV_REGISTRATION/C to the
new skel directory. Then modify this profile by
removing most of the menu choices, thus preventing the operator from
being able run any external commands.[77] To start NNM using
this profile, you must point the $OVwRegDir environment variable to
the new profile directory. To test the new profile, give the
following Bourne shell commands:
[76]When starting NNM via the command line, use $OV_BIN/ovw -ro to open the default map in read-only mode. This will prevent the user from making any map changes (moves, add, deletes, etc.).
[77]Just because a map is opened read-only does not mean that users cannot make changes to the backend of NNM. A user who has the ability to launch the menu items can make changes just like the superuser can. The best way to prevent these changes is to take out any/all configuration menu options.
Once you're confident that this new profile works, create an account for running NNM with minimal permissions and, in the startup script for that account, set $OVwRegDir appropriately (i.e., to point to your skeleton configuration). Then make sure that users can't run NNM from their normal accounts -- perhaps by limiting execute access for NNM to a particular group, which will force users not in that group to use the special account when they want to run NNM. You should also make sure that the users you don't trust can't modify the $OV_REGISTRATION directory or its subdirectories.[root][nms] /> OVwRegDir=/etc/opt/OV/share/registration/skel [root][nms] /> export OVwRegDir [root][nms] /> $OV_BIN/ovw
|  | |
| B.2. Adding a Menu to NNM |  | B.4. Using NNM for Communications |
Copyright © 2002 O'Reilly & Associates. All rights reserved.