
Users

A user is an individual who would like to access a restricted resource (e.g. RAW sockets, privileged TCP and UDP ports, restricted files, restricted memory, etc.). If you are a user, you need not concern yourself with the installation and configuration of Vsys, or with the development of Vsys scripts. You should get the specification of your Vsys setup from your administrator. It will typically comprise a Vsys frontend, which is a directory, and a set of Vsys entries, which appear as FIFO pipes in the Vsys frontend. Here's an example.



\begin{lstlisting}
bash-3.2 ...

In this example, we see a Vsys entry named local_login that gives a user access to a restricted file, /var/log/secure. This file contains logs of the user's ssh sessions with the system. The script gives a user partial access to the file: it makes available the set of IP addresses from which the user has logged in in the past, while hiding other information, including logs pertaining to other users on the system.

Each Vsys entry consists of two items: an input pipe and an output pipe. All data written to the input pipe (in this case, local_login.in) is sent to the corresponding Vsys script as input, and the output of the script can be read via the output pipe (in this case, local_login.out). A user can perform both the read and the write operations at the command line. For example:


\begin{lstlisting}
bash-3.2 ...

Here, we redirect the output pipe to the terminal (thereby reading the output of the script) and write into the input pipe using the echo command. Note that these operations must be carried out in this order, reading the output pipe first and then writing to the input pipe, for the output of the script to appear in time for the user to read it. A Vsys script is launched as soon as it is sent input. Any output issued between this time and the time at which the output pipe is opened for reading will be lost (though it will be logged). If the output pipe is not open while a script is active, its output is optionally logged in the Vsys log file.
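The read-then-write ordering described above, as an added example that is not part of the original Vsys documentation: a shell helper that starts a reader on the output pipe before writing to the input pipe, and refuses anything that is not a FIFO pair. The throwaway directory, the entry name demo_entry and the stand-in backend are constructed so that the script runs without a Vsys installation.

```bash
#!/bin/bash
# Added example, not part of Vsys. The throwaway directory, the entry name
# "demo_entry" and the stand-in backend are constructed for illustration.

# start_demo_backend FRONTEND ENTRY
# Creates ENTRY.in / ENTRY.out as FIFOs and serves a single request.
start_demo_backend() {
    mkfifo -m 600 "$1/$2.in" "$1/$2.out" || return 1
    (
        read -r line < "$1/$2.in"                   # input from the user
        printf 'received: %s\n' "$line" > "$1/$2.out"
    ) &
}

# vsys_call FRONTEND ENTRY INPUT
# Starts a reader on ENTRY.out first, then writes INPUT to ENTRY.in.
vsys_call() {
    in_pipe="$1/$2.in"
    out_pipe="$1/$2.out"
    # Only talk to a FIFO pair; a regular file under the same name is refused.
    [ -p "$in_pipe" ] && [ -p "$out_pipe" ] || return 2
    result=$(mktemp) || return 1
    cat "$out_pipe" > "$result" &                   # 1. read the output pipe
    reader=$!
    printf '%s\n' "$3" > "$in_pipe"                 # 2. write the input pipe
    wait "$reader"                                  # script closed its output
    cat "$result"
    rm -f "$result"
}

# Demo against the stand-in entry.
demo_dir=$(mktemp -d) || exit 1
start_demo_backend "$demo_dir" demo_entry
vsys_call "$demo_dir" demo_entry "hello"
rm -rf "$demo_dir"
```

With a real entry, pass the frontend directory and entry name from the specification your administrator gave you.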

An alternative method of accessing a Vsys script is to use vsyssh, as follows. We specify the Vsys entry to connect to as an argument to vsyssh. All subsequent input from the user is sent to the script, and output from the script is displayed on the screen.


\begin{lstlisting}
bash-3.2 ...


2008-09-16