5.6.1. - Extra Protection
At some spec installations, the administrators need to prevent users from accessing or modifying the configuration of certain motors. The edconf program supports a wizard mode that allows such protection. If you type
^W
while running
edconf
you will be prompted for the wizard's password.
If you enter it properly, you will be able to select additional levels
of configuration protection.
When running spec, a user who knows the password can gain temporary access to protected motors via the
spec_par("specwiz")
function.
The standard macros
onwiz
and
offwiz
provide a convenient implementation.
Since modern UNIX systems forbid unprivileged users access to encrypted passwords, spec will first look for a readable
SPECD
/passwd
file that contains an entry containing an encrypted password for a
specwiz
user.
If no such file exists, spec will also look in
/etc/passwd
and
/etc/shadow,
although the former is unlikely to contain encrypted passwords and the latter
is unlikely to be readable.
The spec distribution includes a
wiz_passwd
utility, which can be run to create the
SPECD
/passwd
file.
To prevent users from disabling the wizard protections by editing the config file by hand, you can use file protection features built in to UNIX. One possibility is to make the edconf program set-user id specadm, change the ownership of the config files to specadm, and change the modes of the config files to
rw-r--r--
. Do that using commands (as super user) along the following lines:
chown specadm edconf fourc/config surf/config ... chmod u+s edconf chmod 644 fourc/config surf/config ...