Terminal and port forwarding security
Web terminal
In Formant teleop, operators can use the web terminal feature to run commands on an in-browser terminal for the formant
user on the robot system.
The formant
user is granted capabilities during agent installation.
Broadly speaking, these capabilities include:
- ability to execute programs
- read and write access to shared parts of the filesystem
- access to the
video
andaudio
group
The formant
user owns the following directories:
/usr/lib/formant/agent
/var/lib/formant
/home/formant
Note: formant
does not have root access.
This feature can be disabled robot-side by adding FORMANT_DISABLE_TERMINAL=true
to /var/lib/formant/.bashrc
on the robot.
Port forwarding
Among other capabilities, fctl
can be used to port forward between an operator's machine and a robot. For more information, see SSH to your robots.
This feature can be disabled robot-side by adding FORMANT_PORT_FORWARDING=false
to /var/lib/formant/.bashrc
on the robot.
Updated 11 months ago