[one-users] about restricted attributes in ACLs
Guba Sándor
gubasanyi at gmail.com
Tue May 8 00:07:26 PDT 2012
Maybe I wrong but when I tryed the 1. method. I could create template
and change permissions but I could not deploy it with other user than
oneadmin.
2012-05-07 23:06 keltezéssel, Ruben S. Montero írta:
> Hi,
>
> You can either
>
> 1.- Create the templates with oneadmin and set the permissions so
> everybody or a set of users can use it (this way the template is
> considered secure). This can be done with onetemplate chmod or setting
> up an ACL for more complex sharing needs.
>
> 2.- Remove CONTEXT/FILES as a VM_RESTRICTED_ATTR in oned.conf so
> making FILES a valid attribute for every one.
>
> Cheers
>
> Ruben
>
> On Mon, May 7, 2012 at 6:10 PM, Andreas Calvo<andreas.calvo at scytl.com> wrote:
>> As per redmine issue http://dev.opennebula.org/issues/1159 , it seems
>> that only oneadmin templates are not being checked.
>> In my scenario, users should be able to create their own templates (or
>> copy from oneadmin's) and fire up instances accessing CONTEXT/FILES.
>>
>> I've granted:
>> 15 @101 --N------ * u---
>> 22 @101 -H------- * -m--
>> 23 @101 V--I-T--- @101 umac
>> 25 @101 V--I-T--- * ---c
>>
>> But when a user creates it's own template and tries to start it, it
>> complains about restricted attributes in CONTEXT/FILES.
>>
>> Is it correct to do it that way?
>>
>> Thanks
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
More information about the Users
mailing list