
Re: [Xen-users] User access to "xm console"



Andy Smith wrote:
> I would like to give users access to xm console to their domain.  I
> am using xen 2.0.7 and don't really want to upgrade this server to
> 3.0 just yet.
> 
> Has anyone done this?  Does anyone have any tips?  Are there any
> security issues with doing this?  Beyond the usual that it's going
> to require at least some access to dom0 which is potentially risky..

I've gone to the length of adding code to my custom domU provisioning
script to set up a plain user for each created domain, with the GECOS
field containing the full name of the domain to attach to. Each of them
is a member of a group (I call it 'vscons'). I assign these users a
shell of /usr/local/bin/xencons-sh, which contains the following:

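#!/bin/bash
# Login shell: attach to the console of the domain named in this user's GECOS field.

# Quote both expansions so the GECOS value reaches xm as a single argument.
/usr/sbin/xm console "$(getent passwd "$(id -u)" | cut -d ':' -f 5)"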

That way, the users in question can't do anything other than attach to
the console of their Xen instance, and disconnection means immediate logout.

Keep in mind that Xen 3 requires a different script, as the domU
consoles are done quite differently than they were in 2.0.x.

-- 
Derrik Pates
demon@xxxxxxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
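
A variant of the console-only login shell described in the message above, as an added example that is not part of the original post or of Xen: it checks group membership and the GECOS value before calling xm. The xm path, the vscons group and the xencons-sh name come from the post; the allowed-name policy, the log line and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the script from the post): console-only login shell that
# checks the GECOS value before passing it to xm.
# From the post: xm path, 'vscons' group, domain name stored in GECOS.
# Assumed here: the allowed-name policy and the log message.

XM=/usr/sbin/xm
CONSOLE_GROUP=vscons

# Print the domain name held in field 5 of one passwd line; fail unless it
# is a single plain name (no leading '-' or '.', no spaces, max 64 chars).
domain_from_passwd_line() {
    gecos=$(printf '%s\n' "$1" | cut -d ':' -f 5)
    case $gecos in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#gecos}" -le 64 ] || return 1
    printf '%s\n' "$gecos"
}

# Succeed only if the space-separated group list (as printed by `id -Gn`)
# contains the console group as a whole word.
in_console_group() {
    for g in $1; do
        [ "$g" = "$CONSOLE_GROUP" ] && return 0
    done
    return 1
}

console_main() {
    # Arguments handed to a login shell (such as "-c command") are never read.
    entry=$(getent passwd "$(id -u)") || exit 1
    in_console_group "$(id -Gn)" || { echo "not a console user" >&2; exit 1; }
    domain=$(domain_from_passwd_line "$entry") ||
        { echo "refusing GECOS value as domain name" >&2; exit 1; }
    logger -t xencons-sh "uid $(id -u) attaching to console of $domain"
    # exec leaves no shell behind, so detaching ends the session.
    exec "$XM" console "$domain"
}

# Run only when installed under the login-shell name; sourcing or testing the
# functions under another file name does nothing.
case ${0##*/} in
    xencons-sh) console_main ;;
esac
```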


 

