If you want to make SoftWindows available to additional workstations, either install SoftWindows on each workstation or remotely mount the original SoftWindows installation on each workstation.
In either case you need a license for each copy of SoftWindows you want to run concurrently.
To mount a copy of SoftWindows on a second workstation, proceed as follows:
Mount or link the remote $SWINHOME to a local $SWINHOME.
For example, using an NFS mount, type the following commands as root at the UNIX prompt on the second host:
mkdir $SWINHOME
mount sourcemachine:install $SWINHOME
where sourcemachine is the name of the workstation where SoftWindows was physically installed, and $SWINHOME is the SoftWindows installation directory.
Alternatively, you can use automounter, assuming the following line has been included in the automounter mapping file on the second host:
/net -hosts
by typing the following command at the UNIX prompt on the second host:
ln -s /hosts/sourcemachine/install $SWINHOME
where sourcemachine is the name of the workstation from which you are installing and $SWINHOME is the SoftWindows installation directory.
Run SoftWindows in the usual way by typing, for example:
$SWINHOME/bin/swin
To install SoftWindows on a second workstation, install SoftWindows as normal, but remove the $SWINHOME/FLEXlm/license.dat file if present. Either:
Edit the user's .cshrc, .login, or .profile file to include a line that specifies a valid license file in the network.
For example, in the C shell, add the following single line to .cshrc:
setenv LM_LICENSE_FILE /hosts/machine/$SWINHOME/FLEXlm/license.dat
where $SWINHOME is the SoftWindows installation directory.
or:
Link the primary license file to the secondary installation. When a link is created, new licenses can be accessed from SoftWindows without having to copy the license file around the network.
For example, enter the following command (all on one line):
ln -s /hosts/machine/$SWINHOME/FLEXlm/license.dat $SWINHOME/FLEXlm/license.dat
where $SWINHOME is the SoftWindows installation directory.
In a multi-user environment, installing the hard disk data file (needed whenever users create a new hard disk) locally on each workstation consumes a large amount of disk space. As an alternative to doing this, you might consider copying the file onto a network drive. You can then create symbolic links to it on each workstation in $SWINHOME.
For example, executing the following UNIX command would create the symbolic link file sys.diskdata in $SWINHOME assuming the WIN95.DAT file has been copied from the second installation CD-ROM (CD2) to /net/srvr/mountpt.
ln -s /hosts/srvr/mountpt/WIN95.DAT $SWINHOME/sys.diskdata
SoftWindows can be configured to run in a secure mode, which is designed to allow the system administrator to configure an installation so that users have access only to specific PC applications and cannot change the configuration of SoftWindows itself.
Secure mode provides the following features:
Users run a standard configuration of SoftWindows and cannot modify that configuration.
SoftWindows is prevented from booting from a floppy disk in drive A:. If configured, drive A: can still be used for normal file storage operations by Windows and MS-DOS programs.
The MS-DOS boot modifier keys, F5, F8, and Shift, are disabled so that users cannot modify the boot sequence.
The MS-DOS control key combinations, Ctrl-C, Ctrl-Break, and Ctrl-Alt-Del, are disabled so that users cannot force an abnormal exit from application programs.
SoftWindows can be set up so that SoftWindows terminates when the user exits from an application.
This section describes the recommended procedure for setting up a user to run in the secure mode.
Log in as the user, and start SoftWindows to set up a hard disk file and any required VFSA drives to run the required PC application.
Add the following command to the user's AUTOEXEC.BAT file:
C:\INSIGNIA\SECURITY.COM
Exit from SoftWindows and save the configuration.
Log in as root and use a text editor, such as vi, to edit the SoftWindows system configuration file $SWINHOME/sys.swinconfig to use the hard disk containing the PC application as set up by the first step, and with any other configuration settings required (communications port, floppy device, display size, and so on).
After editing sys.swinconfig, ensure that it is owned by root and has the SUID bit set. If necessary, log in as root and cd to the SoftWindows installation directory. Then enter the commands:
chown root sys.swinconfig
chmod 4444 sys.swinconfig
You may find it useful to refer to the configuration previously saved to the user's configuration file, $HOME/.swinconfig.
You cannot simply copy the user's configuration file over the system configuration file, because the system configuration includes some additional lines.
For more information about the system configuration file, refer to Chapter 7, “SoftWindows configuration.”
Carry out any further configuration of the UNIX system which is required to run the PC application securely.
This may involve changing ownership or permissions of files or directories in the user's environment or which are used through VFSA drives.
For security purposes you may wish to restrict access to user files run during the UNIX login process and configure the user's account to use a restricted shell.
Ensure that there is not a .swinconfig file in the user's home directory, and that SWINHOME and other environment variables are set appropriately to use SoftWindows when the user logs in.
Log in as the user, and check that the PC application runs as required.
When SoftWindows boots, it will notify you that the user does not have a configuration file. At this stage the SoftWindows menus are still enabled, so you can check the configuration. Make a note of any configuration changes that are required so that they can be added to the system configuration file.
Edit the SoftWindows system configuration file $SWINHOME/sys.swinconfig, and change the configuration entry SECURE from No to Yes.
Ensure that $SWINHOME/sys.swinconfig is owned by root and has the SUID bit set.
This is necessary because editing the file manually may clear the SUID bit. If necessary, log in as root, and from the $SWINHOME directory enter the commands:
chown root sys.swinconfig
chmod 4444 sys.swinconfig
The user will now only be able to run SoftWindows in secure mode.
For maximum security, it is recommended that SoftWindows be installed on the workstation on which it is to be executed. Running SoftWindows across an NFS mount to another workstation may not be as secure in some situations as in others.
If the PC application you are using can be exited by the user, you may find it useful to run it from a batch file that includes a reference to the utility C:\INSIGNIA\EXITSWIN.COM, which causes SoftWindows to exit.
For maximum security, it is also recommended that configuration entries in $SWINHOME/sys.swinconfig should not use environment variables (such as $HOME) to locate hard disk files, VFSA directories, and so on. Otherwise the user could set the environment variable to use an alternate directory.
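The checks in the secure-mode procedure and the recommendation above can be verified with a short script. This is an added example, not part of the SoftWindows documentation or distribution; the function name audit_secure_mode is hypothetical, and it assumes sys.swinconfig holds one "KEYWORD value" entry per line, since the file format is not shown here.

```shell
#!/bin/sh
# Added example: audit a SoftWindows secure-mode setup against the checks in
# the procedure above. Assumption: sys.swinconfig holds one "KEYWORD value"
# entry per line (the file format is not shown on this page).

# audit_secure_mode SWINHOME USERHOME [OWNER]
# Prints one line per finding; returns the number of findings (0 = pass).
audit_secure_mode() {
    swinhome=$1 userhome=$2 want_owner=${3:-root}
    cfg=$swinhome/sys.swinconfig
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    if [ ! -f "$cfg" ]; then
        fail "$cfg is missing"
        return "$findings"
    fi

    # ls -ld is used instead of stat(1) because stat flags differ by platform.
    set -- $(ls -ld "$cfg")
    perms=$(printf '%s' "$1" | cut -c1-10)   # drop any ACL/SELinux suffix
    owner=$3
    [ "$owner" = "$want_owner" ] || fail "owner is $owner, expected $want_owner"
    # chmod 4444 shows as -r-Sr--r-- (SUID set, read-only, no execute bits).
    [ "$perms" = "-r-Sr--r--" ] || fail "mode is $perms, expected -r-Sr--r-- (4444)"

    # The SECURE entry must have been changed from No to Yes.
    grep -Eq '^[[:space:]]*SECURE[[:space:]]+Yes[[:space:]]*$' "$cfg" ||
        fail "SECURE is not set to Yes"

    # Entries should not rely on environment variables such as $HOME.
    if grep -q '\$' "$cfg"; then
        fail "entries reference environment variables:"
        grep -n '\$' "$cfg"
    fi

    # A per-user configuration file must not exist.
    [ ! -e "$userhome/.swinconfig" ] || fail "$userhome/.swinconfig exists"

    [ "$findings" -eq 0 ] && echo "PASS: secure-mode checks passed for $cfg"
    return "$findings"
}

# Run the audit when called with arguments: audit.sh $SWINHOME /home/user
if [ "$#" -ge 2 ]; then audit_secure_mode "$@"; fi
```

The optional third argument names the expected owner and defaults to root, as the procedure requires.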
You may also wish to restrict users from viewing the administrator's on-line help. To do this, change the link from the file $SWINHOME/hyperhelp/swinusr.hlp to the file $SWINHOME/hyperhelp/swinsel.hlp to point to the file $SWINHOME/hyperhelp/swinu.hlp. This will mean that any user not logged on as root will always see the user's help when selecting help, rather than having a choice between the user's help and administrator's help.