Xen project Mailing List

Re: [Xen-users] User access to "xm console"

From: Derrik Pates <demon@xxxxxxxxxxxxx>

Date: Mon, 02 Jan 2006 22:36:56 -0500

Cc: Andy Smith <andy@xxxxxxxxxxxxxx>, xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 03 Jan 2006 03:42:10 +0000

List-id: Xen user discussion <xen-users.lists.xensource.com>

Anand wrote: > Would you mind sharing your custom script ? The script I wrote for handling the "virtual serial console" setup with Xen 3 is as follows: ---- BEGIN SCRIPT ---- #!/usr/bin/perl use English; $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'; die("This script must be setuid root") if $EUID != 0; $instname = (getpwuid($UID))[6]; ($real_instname) = $instname =~ /^([a-z0-9\._\-]+)$/i; print "*** Entering console, press Ctrl-] to detach ***\n"; system('/usr/sbin/xm', 'console', $real_instname); print "\n*** Console detached ***\n"; ---- END SCRIPT ---- I installed this script as /usr/local/bin/xencons-sh, owned by user root, group vscons, mode 4750. This allows just the users in group vscons (for whom this should be their shell anyway) to run it, preventing anyone else from doing untoward things with the script. Make sure that you install your distribution's package containing suidperl ("perl-suid" on Debian), as this script must run setuid root, otherwise it won't be able to open the console. -- Derrik Pates demon@xxxxxxxxxxxxx _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.