hi gurus i am a newbie to XEN and would like to know if there''s a way to allow non-root user to use the XM command to stop and start XEN VM hosts. thanks !
Daniel P. Berrange
2006-Dec-08 19:52 UTC
Re: [Fedora-xen] allow non-root user to stop/start xen host
On Fri, Dec 08, 2006 at 02:29:38PM -0500, Gary Siao wrote:> hi gurus > > i am a newbie to XEN and would like to know if there''s a way to allow > non-root user to use the XM command to stop and start XEN VM hosts.No standard tools allow this[1]. Letting non-root users stop/start guests is a potential security hole, because the back-end drivers for the guest access many privileged files / system resources in Dom0. Regards, Dan. [1] Well technically you can enable HTTP access in XenD, but this is akin to running a telnet / ssh server with no root password - incredibly foolish if you care about integrity of your machine. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Adrian Chadd
2006-Dec-09 00:26 UTC
Re: [Fedora-xen] allow non-root user to stop/start xen host
On Fri, Dec 08, 2006, Daniel P. Berrange wrote:> On Fri, Dec 08, 2006 at 02:29:38PM -0500, Gary Siao wrote: > > hi gurus > > > > i am a newbie to XEN and would like to know if there''s a way to allow > > non-root user to use the XM command to stop and start XEN VM hosts. > > No standard tools allow this[1]. Letting non-root users stop/start guests is > a potential security hole, because the back-end drivers for the guest access > many privileged files / system resources in Dom0.You could also use sudo. xm is just ''another command'' (with, as Daniel said, all the potential security issues.) Adrian