Re: [Xen-users] ACL for DomUs

On Mon, Apr 30, 2007 at 10:02:15AM +0200, Reinhard Brandstädter wrote:

> I'd need some basic features like allowing a certain user group to 
> start/stop/pause/unpause a domain (without giving them root access to the 
> dom0). Maybe also permissions to create new domains (within limits or based 
> on templates)...

  I wrote a simple console-based shell to allow users to do that, and
 also gain access to the serial console:


> but if such things work with a nice web-gui how 
> could it be done with plain Xen?

  It is tricky because to use the "xm" command you need root, and
 you can't just allow "sudo xm ..." unless you trust your users with
 a) remote access, and b) to stay with their own instance.  Hence
 my shell!

  You could write a script:


  Where "skx" is the name of the instance and then give the local
 user skx sudo access to only their own scripts.

  If you have one or two users that is manageable, but it isn't
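
One way to write the per-user wrapper this reply describes; this is an added example, not the poster's own script. The install path `/usr/local/sbin/xen-skx`, the `xm` location, the config file location and the sudoers line in the comments are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper for the instance "skx"; install root-owned, mode 0755,
# as /usr/local/sbin/xen-skx (assumed path).
# Assumed sudoers entry (edit with visudo) granting only this one script:
#   skx ALL=(root) NOPASSWD: /usr/local/sbin/xen-skx
DOMAIN="skx"                      # fixed here, never taken from the caller
CONFIG="/etc/xen/${DOMAIN}.cfg"   # assumed config location
XM="/usr/sbin/xm"                 # absolute path so PATH cannot redirect it

# Print the xm argument list for one allowed action; return 1 for anything else.
xm_args_for() {
    case "$1" in
        start)   echo "create $CONFIG" ;;
        stop)    echo "shutdown $DOMAIN" ;;
        pause)   echo "pause $DOMAIN" ;;
        unpause) echo "unpause $DOMAIN" ;;
        console) echo "console $DOMAIN" ;;
        *)       return 1 ;;
    esac
}

# Run one allowed action as root; return 2 without running anything otherwise.
run_action() {
    # Exactly one argument: extra words could smuggle options or another domain.
    [ "$#" -eq 1 ] || return 2
    args=$(xm_args_for "$1") || return 2
    # Word splitting is intended: args holds only the constants defined above.
    # shellcheck disable=SC2086
    exec "$XM" $args
}

# Only act when called with arguments, e.g. "sudo /usr/local/sbin/xen-skx stop".
if [ "$#" -gt 0 ]; then
    run_action "$@" || { echo "usage: $0 start|stop|pause|unpause|console" >&2; exit 2; }
fi
```

Because the domain name and config path are constants and the caller's input is only matched against the `case` patterns, nothing the user types reaches the `xm` command line.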

