Configure Security

Accelerator has 4 privilege levels: READONLY, USER, LEADER, ADMIN.

For detailed information about security, please refer to Security.

Locate the Security Configuration File: security.tcl

This file is in the server configuration directory, default $VOVDIR/../../vnc/vnc.swd/security.tcl and in our test setup, that is ~/ncadmin/vncdexin.swd/security.tcl.

Security Configuration Examples

Least Restrictive Security

The least restrictive security grants everybody full access from any host. This should not be used in production.

# All users (+) are administrators from all hosts (+). 
vtk_security + ADMIN +

Alternatively, a VovUserGroup may be utilized, to assign individuals in a group the ADMIN privilege.

# Members of mygroup are administrators from all hosts (+). 
vtk_security -group mygroup ADMIN +

Most Restrictive Security

# No rule defined gives only the owner of the project ADMIN privileges
# on the server host.

Typical Case

The following example shows a typical security file, in which different privileges are granted to different users. Also notice the use of variables and VovUserGroups in this example.

In the example, mary is an administrator for any host, and dan is an administrator only for reno and milano. The user pat is a LEADER for her machine elko, and fred has USER privileges for 4 machines listed in the variable $allhosts. Members of the VovUserGroup "operators" have ADMIN rights on $allHosts.

set servers           {   reno milano   }
set allhostsset       {   reno milano elko tahoe}

vtk_security mary	      ADMIN    +
vtk_security john	      ADMIN    tahoe
vtk_security dan	       ADMIN    $servers
vtk_security pat	       LEADER   elko
vtk_security fred	      USER     $allhosts
vtk_security   -group operators ADMIN	$allHosts