[one-users] problem with access to objects in opennebula 3.0
Carlos Martín Sánchez
cmartin at opennebula.org
Thu Nov 10 07:03:45 PST 2011
Hi,
When users list resources in their group, they can see all the existing
objects, but only show (see the extended information) and use the public
ones. You can customize this behaviour using groups [1] and ACL rules [2].
In the next version, resources will have two flags: public and shared, and
it will be a bit more intuitive.
You can read more about this in the thread "[one-users] groups and
images/templates" [4], or follow the development in its ticket [5].
Regards.
[1] http://opennebula.org/documentation:rel3.0:manage_users
[2] http://opennebula.org/documentation:rel3.0:manage_acl
[3] http://dev.opennebula.org/issues/862
[4] http://www.mail-archive.com/users@lists.opennebula.org/msg04187.html
[5] http://dev.opennebula.org/issues/862
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>
2011/11/8 Rolandas Naujikas <rolandas.naujikas at mif.vu.lt>
> On 2011-11-08 16:16, Carlos Martín Sánchez wrote:
> > Hi,
> >
> > Users in the oneadmin group are authorized to perform any operation [1].
>
> Thanks.
>
> ID USER     GROUP NAME         SIZE TYPE REGTIME        PUB PER STAT RVMS
>  0 oneadmin users 10G-qcow2      0M   OS 11/08 09:43:31 Yes  No  rdy    0
>  2 oneadmin users debian-6.0-a   1G   OS 11/08 11:04:30  No  No used    7
>
> When I (a regular user from the group "users") tried to use this image (ID=2)
> I got an error (not authorized) - so it works.
>
> The problem is that a regular user could see private (not public) images from
> other users.
>
> Regards, Rolandas
>
> > Regards.
> >
> > [1] http://opennebula.org/documentation:rel3.0:manage_acl#how_permission_is_granted_or_denied
> > --
> > Carlos Martín, MSc
> > Project Engineer
> > OpenNebula - The Open Source Toolkit for Data Center Virtualization
> > www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>
> >
> >
> > On Tue, Nov 8, 2011 at 2:25 PM, Rolandas Naujikas <
> > rolandas.naujikas at mif.vu.lt> wrote:
> >
> >> Hi,
> >>
> >> Why could a user access private objects from other users in the same
> >> group?
> >> The OpenNebula 3.0 documentation says the opposite.
> >> http://opennebula.org/documentation:rel3.0:manage_users
> >>
> >> Regards, Rolandas
> >>
> >> P.S. I have images created with oneadmin and one of them public
> >> (published) and others - no. With regular user (in the group oneadmin) I
> >> can access all user oneadmin images (and create VM from them).
> >> The same was with the group "users".