Re: [Xen-users] User access to "xm console"



Anand wrote:
> Would you mind sharing your custom script?

The script I wrote for handling the "virtual serial console" setup with
Xen 3 is as follows:

---- BEGIN SCRIPT ----
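#!/usr/bin/perl

use English;

# Fixed PATH and no shell-affecting variables, as taint mode requires
$ENV{'PATH'} =
'/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

die("This script must be setuid root") if $EUID != 0;

# Element 6 of getpwuid() is the GECOS field; the instance name is read from it
$instname = (getpwuid($UID))[6];
# Untaint: accept only letters, digits, '.', '_' and '-'
($real_instname) = $instname =~ /^([a-z0-9\._\-]+)$/i;
# Stop here instead of calling xm with an empty name if the check failed
die("No valid instance name for this user") unless defined $real_instname;
print "*** Entering console, press Ctrl-] to detach ***\n";
# List form of system() runs xm directly, without a shell
system('/usr/sbin/xm', 'console', $real_instname);
print "\n*** Console detached ***\n";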
---- END SCRIPT ----

I installed this script as /usr/local/bin/xencons-sh, owned by user
root, group vscons, mode 4750. This allows just the users in group
vscons (for whom this should be their shell anyway) to run it,
preventing anyone else from doing untoward things with the script.

Make sure that you install your distribution's package containing
suidperl ("perl-suid" on Debian), as this script must run setuid root,
otherwise it won't be able to open the console.

-- 
Derrik Pates
demon@xxxxxxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
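
An audit of the setup described in the message above, as an added example that is not part of the original post: it checks the wrapper's owner, group and mode, and lists accounts whose GECOS field would fail the script's name pattern. The function names and sample accounts are constructed for illustration, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the post): audit the setuid console wrapper setup.
WRAPPER=/usr/local/bin/xencons-sh    # path given in the message

# audit_mode FILE [OWNER:GROUP:MODE]
# Succeeds only if FILE has the expected owner, group and octal mode.
audit_mode() {
    want=${2:-root:vscons:4750}
    # GNU stat format: %U owner name, %G group name, %a octal mode
    [ "$(stat -c '%U:%G:%a' "$1" 2>/dev/null)" = "$want" ]
}

# audit_passwd PASSWD_FILE SHELL
# Prints login names whose shell is SHELL but whose GECOS field (5th column)
# would fail the script's pattern /^([a-z0-9\._\-]+)$/i.
audit_passwd() {
    awk -F: -v sh="$2" \
        '$7 == sh && $5 !~ /^[A-Za-z0-9._-]+$/ { print $1 }' "$1"
}

# Constructed sample accounts in passwd format (not real data).
sample_passwd() {
    cat <<'EOF'
alice:x:1001:1001:web01:/home/alice:/usr/local/bin/xencons-sh
bob:x:1002:1002:db-02.example:/home/bob:/usr/local/bin/xencons-sh
carol:x:1003:1003:Carol Smith,,,:/home/carol:/usr/local/bin/xencons-sh
dave:x:1004:1004:Dave Jones,,,:/home/dave:/bin/bash
erin:x:1005:1005::/home/erin:/usr/local/bin/xencons-sh
EOF
}

# Demo on the constructed sample, then a check of the real wrapper path.
tmp=$(mktemp)
sample_passwd > "$tmp"
echo "Console accounts with an unusable instance name:"
audit_passwd "$tmp" "$WRAPPER"
audit_mode "$WRAPPER" || echo "$WRAPPER: missing or not root:vscons mode 4750"
rm -f "$tmp"
```

On the host itself, point `audit_passwd` at `/etc/passwd` instead of the sample file.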


 

