Chapter 4: Serial Port, Device and User Configuration
60 Console Server & RIM Gateway User Manual
To simplify user set up, they can be configured as members of Groups. With firmware V3.5.2 and later there are five
Groups set up by default (where earlier versions only had admin and user by default):
admin Provides users with unlimited configuration and management privileges
pptpd Group to allow access to the PPTP VPN server. Users in this group will have their password
stored in clear text.
dialin Group to allow dialin access via modems. Users in this group will have their password stored in
clear text.
ftp Group to allow ftp access and file access to storage devices
pmshell Group to set default shell to pmshell
users Provides users with basic management privileges
Note:
1. Membership of the admin group provides the user with full Administrator privileges. The admin user
(Administrator) can access the console server using any of the services which have been enabled in System:
Services e.g. if only HTTPS has been enabled then the Administrator can only access the console server using
HTTPS. However once logged in they can reconfigure the console server settings (e.g. to enabled HTTP/Telnet
for future access). They can also access any of the connected Hosts or serial port devices using any of the
services that have been enabled for these connections. But again the Administrator can reconfigure the access
services for any Host or serial port. So only trusted users should have Administrator access
2. Membership of the user group provides the user with limited access to the console server and connected Hosts
and serial devices. These Users can access only the Management section of the Management Console menu
and they have no command line access to the console server. They also can only access those Hosts and serial
devices that have been checked for them, using services that have been enabled
3. If a user is set up with pptd, dialin, ftp or pmshell group membership they will have restricted user shell access
to the nominated managed devices but they will not have any direct access to the console server itself. To add
this the users must also be a member of the "users" or "admin" groups
4. The Administrator can also set up additional Groups with specific power device, serial port and host access
permissions. However users in these additional groups don’t have any access to the Management Console menu
nor do they have any command line access to the console server itself.
5. The Administrator can also set up users with specific power device, serial port and host access permissions, who
are not a member of any Groups. Similarly these users don’t have any access to the Management Console menu
nor do they have any command line access to the console server itself.
6. For convenience the SDT Connector “Retrieve Hosts” function retrieves and auto-configures checked serial ports
and checked hosts only, even for admin group users
4.2.1 Set up new Group
To set up new Groups and new users, and to classify users as members of particular Groups:
Select Serial & Network: Users & Groups to display the configured Groups and Users
Click Add Group to add a new Group
To Next Page
Loading...
Need help?
General
