[one-users] about restricted attributes in ACLs

Ruben S. Montero rsmontero at opennebula.org
Mon May 7 14:06:24 PDT 2012


Hi,

You can either

1.- Create the templates with oneadmin and set the permissions so
everybody or a set of users can use it (this way the template is
considered secure). This can be done with onetemplate chmod or setting
up an ACL for more complex sharing needs.

2.- Remove CONTEXT/FILES as a  VM_RESTRICTED_ATTR in oned.conf so
making FILES a valid attribute for every one.

Cheers

Ruben

On Mon, May 7, 2012 at 6:10 PM, Andreas Calvo <andreas.calvo at scytl.com> wrote:
> As per redmine issue http://dev.opennebula.org/issues/1159 , it seems
> that only oneadmin templates are not being checked.
> In my scenario, users should be able to create their own templates (or
> copy from oneadmin's) and fire up instances accessing CONTEXT/FILES.
>
> I've granted:
>   15     @101     --N------     *     u---
>   22     @101     -H-------     *     -m--
>   23     @101     V--I-T---  @101     umac
>   25     @101     V--I-T---     *     ---c
>
> But when a user creates it's own template and tries to start it, it
> complains about restricted attributes in CONTEXT/FILES.
>
> Is it correct to do it that way?
>
> Thanks
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org



-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula



More information about the Users mailing list