[one-users] problem with access to objects in opennebula 3.0

Carlos Martín Sánchez cmartin at opennebula.org
Thu Nov 10 07:03:45 PST 2011 

Hi,

When users list resources in their group, they can see all the existing
objects, but only show (see the extended information) and use the public
ones. You can customize this behaviour using groups [1] and ACL rules [2].

In the next version, resources will have two flags: public and shared, and
it will be a bit more intuitive.
You can read more about this in the thread "[one-users] groups and
images/templates" [4], or follow the development in its ticket [5]

Regards.

[1] http://opennebula.org/documentation:rel3.0:manage_users
[2] opennebula.org/documentation:rel3.0:manage_acl
[3] http://dev.opennebula.org/issues/862
[4] http://www.mail-archive.com/users@lists.opennebula.org/msg04187.html
[5] http://dev.opennebula.org/issues/862
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>


2011/11/8 Rolandas Naujikas <rolandas.naujikas at mif.vu.lt>

> On 2011-11-08 16:16, Carlos Martín Sánchez wrote:
> > Hi,
> >
> > Users in the oneadmin group are authorized to perform any operation [1].
>
> Thanks.
>
>  ID USER     GROUP    NAME            SIZE TYPE          REGTIME PUB
> PER STAT  RVMS
>   0 oneadmin users    10G-qcow2         0M   OS   11/08 09:43:31 Yes
> No  rdy     0
>   2 oneadmin users    debian-6.0-a      1G   OS   11/08 11:04:30  No
> No used     7
>
> When I (regular user from group "users") tried to use this image (ID=2)
> I got error (not authorized) - so it works.
>
> Problem is that regular user could see private (not public) images from
> other users.
>
> Regards, Rolandas
>
> > Regards.
> >
> > [1]
> >
> http://opennebula.org/documentation:rel3.0:manage_acl#how_permission_is_granted_or_denied
> > --
> > Carlos Martín, MSc
> > Project Engineer
> > OpenNebula - The Open Source Toolkit for Data Center Virtualization
> > www.OpenNebula.org | cmartin at opennebula.org |
> > @OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
> >
> >
> > On Tue, Nov 8, 2011 at 2:25 PM, Rolandas Naujikas <
> > rolandas.naujikas at mif.vu.lt> wrote:
> >
> >> Hi,
> >>
> >> Why an user could access private objects from other users in the same
> >> group ?
> >> OpenNebula 3.0 documentation says opposite.
> >> http://opennebula.org/documentation:rel3.0:manage_users
> >>
> >> Regards, Rolandas
> >>
> >> P.S. I have images created with oneadmin and one of them public
> >> (published) and others - no. With regular user (in the group oneadmin) I
> >> can access all user oneadmin images (and create VM from them).
> >> The same was with the group "users".
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111110/bb12a820/attachment-0003.htm>

More information about the Users mailing list