By default, a station follows the run-as configuration of the 3DOrchestrate Distribution Server to which it is connected.
These configurations are only necessary if the DRM mode is built-in (the default). If the DRM mode is LSF or Open DRM, you must make similar configurations on the Linux-based 3DOrchestrate Distribution Server, as described above in Enable Run-As Security in the 3DOrchestrate Distribution Server.
To configure a Linux-based station to use the run-as security feature, you must 1) change permissions on the SMAExePlaunch file, 2) specify a temporary directory in the station properties, and 3) add a new file to the system's /etc directory.
- If you will be authenticating users with a Windows Active Directory server, edit the Domain property of the station to specify the name of the Windows domain to be used.
  The 3DOrchestrate Station will now use this domain to authenticate users' credentials instead of the domain specified in the SMAExeServer-xxxx.properties file of the 3DOrchestrate Distribution Server.
- Log into the 3DOrchestrate Station computer as root.
- Open a terminal/shell, and change directory (cd) to the following directory:
  <station_install_dir>/config/
- Execute the following commands:
  chown root SMAExePlaunch
  chmod 4510 SMAExePlaunch
  Setting permissions to 4510 on the SMAExePlaunch file equates to set-user-id, owner read/execute, group execute only, and no access for others. This requires that all users who will start run-as stations must be in the same group, which is recommended for production environments.
- Specify a temporary directory in the Temp Directory property of the station configuration (or the fiper.station.tempdir property in the properties file).
  The temporary directory must be world-writable; for example, something similar to /var/tmp/ds-tmp-dir/. Set the permissions on the temporary directory so that it is fully accessible by any user, by using the following command:
  chmod 1777 <temp-directory>
  For example:
  chmod 1777 /var/tmp/thisdir
  This mode sets the sticky bit, which allows contents (files, subdirectories) to be removed only by the owner (or root).
- Locate the following file:
  /etc/pam.d/login
  Make a copy of this file and rename it fiper. Be sure that the contents of this copy are identical to the original file.
- Start (or restart) the 3DOrchestrate Station program.
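
The following script is an added example, not part of the product documentation: it audits a station host against the steps above (launcher ownership and mode 4510, temporary directory mode 1777, fiper identical to login). The function names, the argument order, the owner-uid parameter, and the assumption that the fiper copy sits beside login in the same directory are all choices made for this example.

```shell
#!/bin/sh
# Added example: audit a station host against the run-as steps above.
# Assumes Linux with GNU or BusyBox stat (-c format support).

# has_mode PATH OCTAL: true if PATH's permission bits are exactly OCTAL.
has_mode() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# has_uid PATH UID: true if PATH is owned by numeric user id UID.
has_uid() {
    [ "$(stat -c '%u' "$1" 2>/dev/null)" = "$2" ]
}

# audit_station CONFIG_DIR TEMP_DIR PAM_DIR [OWNER_UID]
# Prints one FAIL line per problem and returns the number of problems.
# OWNER_UID defaults to 0 (root); it is a parameter only so the checks
# can be exercised on scratch files without root.
audit_station() {
    cfg=$1; tmp=$2; pam=$3; uid=${4:-0}
    launcher="$cfg/SMAExePlaunch"
    fails=0

    # Step: chown root SMAExePlaunch
    has_uid "$launcher" "$uid" ||
        { echo "FAIL: $launcher is not owned by uid $uid"; fails=$((fails + 1)); }

    # Step: chmod 4510 (setuid, owner r-x, group --x, others none).
    # Execute permission for others would open the setuid helper to
    # users outside the station group.
    has_mode "$launcher" 4510 ||
        { echo "FAIL: $launcher mode is not 4510"; fails=$((fails + 1)); }

    # Step: temp directory must be 1777 (world-writable plus sticky bit).
    { [ -d "$tmp" ] && has_mode "$tmp" 1777; } ||
        { echo "FAIL: $tmp is not a directory with mode 1777"; fails=$((fails + 1)); }

    # Step: the fiper PAM file must be byte-identical to login.
    # Assumption: the copy is stored next to the original in PAM_DIR.
    cmp -s "$pam/login" "$pam/fiper" ||
        { echo "FAIL: $pam/fiper differs from $pam/login or is missing"; fails=$((fails + 1)); }

    return "$fails"
}

# Run only when called with arguments, e.g.:
#   sh audit.sh <station_install_dir>/config /var/tmp/ds-tmp-dir /etc/pam.d
if [ "$#" -ge 3 ]; then
    audit_station "$@"
fi
```

Run it as root after completing the steps and again after upgrades, since a reinstalled launcher or a changed /etc/pam.d/login can silently undo the configuration.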