spec

Software for Diffraction

5.6. - Security Issues



At some installations, you may wish to prevent ordinary users from accessing selected motors. spec offers several levels of security. The security works with the UNIX file ownership and protection mechanisms, so it is important that user and group ownership of the configuration files and file write permission be properly set.

To restrict configuration modification to a single user or group, you must set the write permission of the diffractometer's associated config file accordingly. Type chmod 644 /usr/lib/spec.d/fourc/config to allow only the owner of the file to modify it. Setting the mode to 664 allows users in the owner's group to also modify the file.

There are there basic levels of security for each motor. The first level is the most restrictive, as it prevents the motor from being moved and prevents changes to the position being made in the settings file. The motor position can still be read from the motor controller, though, and the user angle can still be changed using the chg_offset() function (invoked by the set macro). If there is ever a conflict between the current position and the position in the settings file, such as might happen if the power was turned off to the motor controller, the controller registers are automatically adjusted to match the position in the settings file without moving the motor.

The second level of security allows a motor to be moved, but prevents the software limits from being changed. Not only is the set_lim() command restricted, but also the chg_dial() command, as a change in the dial position would effectively change the position of the limits.

The third level offers no security and allows any operation on a motor.

When these motor restrictions are set in the config file, the restrictions apply to everyone, even the owner of the config file. To move a restricted motor, you must first change the config file.