Difference between revisions of "Users"
From Rivendell Wiki
(Created page with "Users and passwords cause a lot of confusion at times, so here's a quick overview of the various flavors of users and which password is associated with them. There are three...") |
(No difference)
|
Latest revision as of 16:06, 12 March 2018
Users and passwords cause a lot of confusion at times, so here's a quick overview of the various flavors of users and which password is associated with them. There are three 'applications' (using the term very loosely) that have users associated with them: Linux, Rivendell programs, and mySQL. The passwords for the various accounts may or may not be important to the Rivendell programs.
Linux accounts:
root: The superuser account on a Linux system password: doesn't matter to Rivendell
rd-user: The non-privileged account a person logs in as to run use the Rivendell programs. It doesn't have to be called rd-user. It can be called anything you like. This is the account referenced in /etc/rd.conf under the Identity section. Note that the password in this section in rd.conf is *not* the password for the Linux rd-user account. This is confusing, but is the case due to historical reasons.
[Identity]
Password=letmein
AudioOwner=rd-user
AudioGroup=users
password: doesn't matter, but should be different than the one in rd.conf for security. You don't want a publically readable file advertising your Linux user passwords!
mySQL accounts:
root: The mySQL root account. This is *not* to be confused with the Linux root account and should not have the same password as the Linux root account for security considerations. Programatically it doesn't matter if they're the same or not.
rduser: the account created in the mySQL database the first time that rdadmin is run. This account has no relation to the Linux rd-user account, and the passwords should not be the same for security reasons.
When rdadmin is run for the first time, it reads /etc/rd.conf and creates the rduser account in mySQL and sets the rduser password to the Password entry found in the Identity section (see above). This account/password is used by the Rivendell programs when interfacing with mySQL - it is never used directly by end users. Note that in releases earlier than 0.9.34 the password 'letmein' was hard coded in rdadmin causing the Rivendell programs to fail to start if it was changed in /etc/rd.conf. This has been fixed in the current version.
Rivendell accounts:
admin: The administrative account used to manage the Rivendell system. This ID set is entered when you run rdadmin. It may or may not have a password associated with it, although one is highly recommended! The admin account manages permissions and functionality in the Rivendell system. It can change system settings, add/remove users accounts, associate cards and ports with IO devices, etc.
user: The default user account, internal to Rivendell. This account is the one which normally is used for day to day operations. By default, it can do pretty much anything except administrative functions, and it can not edit or create templates. Additional accounts may be desirable, depending on station policy, with more restricted or expnaded rights.
If scheduling software is used, it is a good idea to create a second user account, identical to the default 'user', however which has the 'Modify Template' checked in RDAdmin->ManageUsers. Without that right, the 'Edit Events', 'Edit Clocks', and 'Edit Grids' is grayed out in RDLogManager. You don't want anybody to be able to change them however, once they're created. Edit them with the user account with elevated permissions; use the default 'user' account (or other accounts you've created) for day to day operations.
This id/password doesn't have any direct relationship to the Linux centric rd-user account.
At first it maybe unclear what effect changing the password has here, as you can change the user password in rdadmin, yet when you start RDAirplay, RDLibrary, etc. you are not prompted to enter a password. They just start with the default user. This is because you can change users while these programs are running by using the RDLogin application. The idea behind this was similar to what you see at stores with managers coming to punch in a code to allow certain transactions. Also, who wants to shutdown a running radio automation to login the next DJ for his shift?
Multiple user accounts can be created,and permissons set in RDAdmin. Using RDLogin you can change users, and therefore permissons as well, for a running programs. Also, for RDAirplay you can have user defined sound panels that will only load when that user logs in in addtion to the standard sound panels.
One other helpful note the current user is always displayed in the title bar of running programs.
User Permissions
Administrative Rights: Administer System - access RDAdmin
Production Rights: (within RDLibrary) Create Carts - Can user create carts? Modify Carts - Can user modify carts Edit Audio Delete Carts - Can user delete carts Edit Netcatch Schedule Voicetrack Logs
Traffic Rights: (within RDLogManager) Create Log Modify Template Delete Log Delete Report Data
OnAir Rights: (within RDAirplay) Playout Logs Add Log Items Configure System Panels Rearrange Log Items Delete Log Items
Podcasting Rights: Create Podcast Delete Podcast Edit Podcast
Assign Group Permissions: Specify which groups User can access
Assign Podcast Feed Permissions: Specify which feeds User can access
Usage:
Log into Linux as rd-user (or whatever you called the Linux account) for day to day operations when using the Rivendell programs (rdairplay, rdlogedit, rdlibrary, etc.). Don't run the Rivendell programs as root.
Rivendell daemons: (caed, ripcd, rdcatchd) started by root, either at startup. On a SuSE system, one can enable the daemons to be started at bootup with the following command (as root):
chkconfig rivendell on
This will enable them in runlevel 3 and 5. Starting the Rivendell programs should also automatically start the daemons if they're not already started. mySQL must already be running however. The Rivendell programs don't start it.