[one-users] about restricted attributes in ACLs
Andreas Calvo
andreas.calvo at scytl.com
Tue May 8 00:10:29 PDT 2012
Thanks,
I didn't know about the latter one, and will use it.
On Mon, 2012-05-07 at 23:06 +0200, Ruben S. Montero wrote:
> Hi,
>
> You can either
>
> 1.- Create the templates with oneadmin and set the permissions so
> everybody or a set of users can use it (this way the template is
> considered secure). This can be done with onetemplate chmod or setting
> up an ACL for more complex sharing needs.
>
> 2.- Remove CONTEXT/FILES as a VM_RESTRICTED_ATTR in oned.conf, thus
> making FILES a valid attribute for everyone.
>
> Cheers
>
> Ruben
>
> On Mon, May 7, 2012 at 6:10 PM, Andreas Calvo <andreas.calvo at scytl.com> wrote:
> > As per redmine issue http://dev.opennebula.org/issues/1159 , it seems
> > that only oneadmin templates are not being checked.
> > In my scenario, users should be able to create their own templates (or
> > copy from oneadmin's) and fire up instances accessing CONTEXT/FILES.
> >
> > I've granted:
> > 15 @101 --N------ * u---
> > 22 @101 -H------- * -m--
> > 23 @101 V--I-T--- @101 umac
> > 25 @101 V--I-T--- * ---c
> >
> > But when a user creates its own template and tries to start it, it
> > complains about restricted attributes in CONTEXT/FILES.
> >
> > Is it correct to do it that way?
> >
> > Thanks
> >
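An added example, not part of the thread and not OpenNebula code: a pre-flight check that lists which VM_RESTRICTED_ATTR entries from oned.conf a user template uses, which is the condition behind the "restricted attributes" error discussed above. The oned.conf excerpt and the template are constructed, and the parser is a simplification that assumes the plain `NAME = value` / `NAME = [ KEY = value ]` template syntax.

```python
import re

# Constructed oned.conf excerpt; only CONTEXT/FILES comes from the thread.
ONED_CONF = '''
# VM_RESTRICTED_ATTR = "NIC/MAC"
VM_RESTRICTED_ATTR = "CONTEXT/FILES"
VM_RESTRICTED_ATTR = "RANK"
'''

# Constructed template a regular (non-oneadmin) user might submit.
TEMPLATE = '''
NAME = "web"
CPU = 1
CONTEXT = [
  HOSTNAME = "web01",
  FILES = "/srv/init.sh" ]
'''

def restricted_attrs(conf_text):
    """Return the active (uncommented) VM_RESTRICTED_ATTR values."""
    attrs = set()
    for line in conf_text.splitlines():
        m = re.match(r'\s*VM_RESTRICTED_ATTR\s*=\s*"([^"]+)"', line)
        if m:
            attrs.add(m.group(1).upper())
    return attrs

def template_attrs(template_text):
    """Simplified parser: returns names such as 'CPU' and 'CONTEXT/FILES'."""
    # Blank out quoted values so ']' or '=' inside them cannot confuse the regexes.
    text = re.sub(r'"[^"]*"', '""', template_text)
    vector = r'^\s*(\w+)\s*=\s*\[(.*?)\]'
    found = set()
    for vec in re.finditer(vector, text, re.M | re.S):
        for key in re.findall(r'(\w+)\s*=', vec.group(2)):
            found.add(f"{vec.group(1).upper()}/{key.upper()}")
    # What remains after dropping vector attributes are scalar attributes.
    scalars = re.sub(vector, '', text, flags=re.M | re.S)
    found.update(k.upper() for k in re.findall(r'^\s*(\w+)\s*=', scalars, re.M))
    return found

def violations(conf_text, template_text):
    """Restricted attributes that the template sets, sorted for stable output."""
    return sorted(template_attrs(template_text) & restricted_attrs(conf_text))

if __name__ == "__main__":
    print(violations(ONED_CONF, TEMPLATE))
```
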