Hi, Say I have these domUs and their administrators on my dom0: guest admin(s) ----- -------- vm1 user1, user3 vm2 user2, user3 vm3 user3 Each administrator should be able to do whatever he wants to do with the xm command on the domU he''s maintaining but he should not be able to perform any xm actions on domUs where he''s not supposed to have access to. So instead of giving general access for "sudo xm ..." I need something more fine grained. Instead of writing my own script to check user''s access to the given domU, is there any nice wrapper script for xm which already does this kind of access control checks? I hate reinventing the wheel again... My dom0 is Debian 5.0 with self-compiled Xen 3.3.1 and libvirtd 0.6.1 if that makes any difference... Martti _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On 3/31/09, Martti Kuparinen <martti.kuparinen@iki.fi> wrote:> Hi, > > Say I have these domUs and their administrators on my dom0: > > guest admin(s) > ----- -------- > vm1 user1, user3 > vm2 user2, user3 > vm3 user3 > > Each administrator should be able to do whatever he wants to do with the xm > command on the domU he''s maintaining but he should not be able to perform > any xm actions on domUs where he''s not supposed to have access to. So > instead of giving general access for "sudo xm ..." I need something more > fine grained. > > Instead of writing my own script to check user''s access to the given domU, > is there any nice wrapper script for xm which already does this kind of > access control checks? I hate reinventing the wheel again... > > My dom0 is Debian 5.0 with self-compiled Xen 3.3.1 and libvirtd 0.6.1 if > that makes any difference... > > Martti > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >Xen Shell - http://www.xen-tools.org/software/xen-shell/ Keith Coleman _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Tue, Mar 31, 2009 at 10:33 AM, Keith Coleman <list.keith@scaltro.com>wrote:> On 3/31/09, Martti Kuparinen <martti.kuparinen@iki.fi> wrote: > > Hi, > > > > Say I have these domUs and their administrators on my dom0: > > > > guest admin(s) > > ----- -------- > > vm1 user1, user3 > > vm2 user2, user3 > > vm3 user3 > > > > Each administrator should be able to do whatever he wants to do with the > xm > > command on the domU he''s maintaining but he should not be able to perform > > any xm actions on domUs where he''s not supposed to have access to. So > > instead of giving general access for "sudo xm ..." I need something more > > fine grained. > > > > Instead of writing my own script to check user''s access to the given > domU, > > is there any nice wrapper script for xm which already does this kind of > > access control checks? I hate reinventing the wheel again... > > > > My dom0 is Debian 5.0 with self-compiled Xen 3.3.1 and libvirtd 0.6.1 if > > that makes any difference... > > > > Martti > > > > > > > Xen Shell - http://www.xen-tools.org/software/xen-shell/ > > > Keith Coleman >If you can get it to work as any user other than root. I couldn''t after several hours and never had time to find out why. Grant McWilliams Some people, when confronted with a problem, think "I know, I''ll use Windows." Now they have two problems. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Keith Coleman wrote:> Xen Shell - http://www.xen-tools.org/software/xen-shell/ > > > Keith ColemanIf you do use that, make sure that you disable port forwarding in your ssh, otherwise it''s very unsecure. I haven''t seen anything in the documentation of that software that talks about it (let me know if I''m wrong), and to me, that is a big flow and security threat. Thomas _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users