QNX RTOS v4 Knowledge Base

Title: Restricting access from one node to other nodes
Ref. No.: QNX.000009309
Category(ies): Network, Kernel, Configuration
Issue: We'd like to set up a BBS on a dedicated node, but don't want people who log in to see what's on our other nodes. What's the simplest way of providing this protection, short of disconnecting the machine from the network?



Solution: Use the '-L' option for Proc. This option prevents a node from creating outbound virtual circuits (VCs), which means that no one on that node can request services from other nodes.

For example, if this option is specified on node 1 of a network, no one on node 1 could use 'ls' to see the files on node 2, node 3, or any other node. Thus, if node 1 were the BBS node, outsiders would see only the files placed on that node. This option doesn't affect inbound VCs, so other nodes could still access node 1, making it possible to update the BBS.

To invoke this restriction, add the '-L' option to Proc in the node's build image, rebuild the image, then reboot. For more information on this procedure, see the chapter on "Building a Custom Operating System Image" in the QNX 4 User's Guide.
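
One way to confirm that '-L' is really on the Proc command line before rebuilding the image, as an added example (not QNX's own tooling). It assumes build-file command lines start with `$ ` followed by the program name and its options; the function name and both sample build files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a QNX 4 build file for the Proc -L option.
# Assumption: each command line in the build file starts with "$ " followed
# by the program name and its options.

# Returns 0 if every Proc command line has -L, 1 if one lacks it,
# 2 if the file has no Proc command line at all.
proc_has_L() {
    awk '
        $1 == "$" && $2 ~ /^Proc[0-9]*$/ {
            found = 1; ok = 0
            # Exact, case-sensitive match: "-l" is not "-L".
            # Options grouped into one token are not recognised.
            for (i = 3; i <= NF; i++) if ($i == "-L") ok = 1
            if (!ok) missing = 1
        }
        END { if (!found) exit 2; if (missing) exit 1; exit 0 }
    ' "$1"
}

# Constructed sample build files (not taken from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/bbs.build" <<'EOF'
sys/boot
$ boot -v

sys/Proc32
$ Proc32 -l 1 -L
EOF

cat > "$tmp/open.build" <<'EOF'
sys/boot
$ boot -v

sys/Proc32
$ Proc32 -l 1
EOF

for f in "$tmp/bbs.build" "$tmp/open.build"; do
    if proc_has_L "$f"; then
        echo "$f: Proc has -L (outbound VCs blocked)"
    else
        echo "$f: Proc lacks -L, or no Proc line was found"
    fi
done
```

Run it against the BBS node's build file as part of the rebuild; a non-zero status means the image would still allow outbound VCs.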