[one-users] about restricted attributes in ACLs

Ruben S. Montero rsmontero at opennebula.org
Tue May 8 13:39:15 PDT 2012


Hi

Bypassing the template checks for oneadmin (and oneadmin group)
templates is in 3.4. Are you trying with this version?

Cheers

Ruben


On Tue, May 8, 2012 at 9:07 AM, Guba Sándor <gubasanyi at gmail.com> wrote:
> Maybe I am wrong, but when I tried the 1st method, I could create the template
> and change permissions but I could not deploy it with a user other than oneadmin.
>
> On 2012-05-07 23:06, Ruben S. Montero wrote:
>
>> Hi,
>>
>> You can either
>>
>> 1.- Create the templates with oneadmin and set the permissions so
>> everybody or a set of users can use it (this way the template is
>> considered secure). This can be done with onetemplate chmod or setting
>> up an ACL for more complex sharing needs.
>>
>> 2.- Remove CONTEXT/FILES as a VM_RESTRICTED_ATTR in oned.conf, thus
>> making FILES a valid attribute for everyone.
>>
>> Cheers
>>
>> Ruben
>>
>> On Mon, May 7, 2012 at 6:10 PM, Andreas Calvo <andreas.calvo at scytl.com> wrote:
>>>
>>> As per redmine issue http://dev.opennebula.org/issues/1159 , it seems
>>> that only oneadmin templates are not being checked.
>>> In my scenario, users should be able to create their own templates (or
>>> copy from oneadmin's) and fire up instances accessing CONTEXT/FILES.
>>>
>>> I've granted:
>>>   15     @101     --N------     *     u---
>>>   22     @101     -H-------     *     -m--
>>>   23     @101     V--I-T---  @101     umac
>>>   25     @101     V--I-T---     *     ---c
>>>
>>> But when a user creates its own template and tries to start it, it
>>> complains about restricted attributes in CONTEXT/FILES.
>>>
>>> Is it correct to do it that way?
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>



-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
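
Added example (not part of the original thread and not OpenNebula's own code): a simplified Python model of the restricted-attribute check discussed above, for auditing which templates would be rejected before choosing between the two options. The oned.conf fragment, the template, and the function names are constructed for illustration; the owner-based bypass follows the 3.4 behaviour described in the reply.

```python
import re

# Constructed oned.conf fragment (sample values, not from a real deployment).
ONED_CONF = '''
VM_RESTRICTED_ATTR = "CONTEXT/FILES"
VM_RESTRICTED_ATTR = "DISK/SOURCE"
# VM_RESTRICTED_ATTR = "NIC/MAC"
'''

# Constructed VM template using the NAME = [ KEY = "value", ... ] syntax.
TEMPLATE = '''
NAME = "web"
CPU = 1
DISK = [ IMAGE_ID = 3 ]
CONTEXT = [ HOSTNAME = "web01", FILES = "/srv/ctx/init.sh" ]
'''

def restricted_attrs(conf):
    """Return active VM_RESTRICTED_ATTR values; commented-out lines are skipped."""
    pat = re.compile(r'^\s*VM_RESTRICTED_ATTR\s*=\s*"([^"]+)"', re.M)
    return [value.upper() for value in pat.findall(conf)]

def template_paths(tpl):
    """Flatten a template into attribute paths such as CONTEXT/FILES."""
    # Blank out quoted values first so '=' or ']' inside a value cannot confuse parsing.
    bare = re.sub(r'"(?:\\.|[^"\\])*"', '""', tpl)
    vector = re.compile(r'^\s*(\w+)\s*=\s*\[(.*?)\]', re.M | re.S)
    paths = set()
    for name, body in vector.findall(bare):
        for key in re.findall(r'(\w+)\s*=', body):
            paths.add(f"{name}/{key}".upper())
    # Whatever remains after removing vector attributes is single-valued.
    for name in re.findall(r'^\s*(\w+)\s*=', vector.sub("", bare), re.M):
        paths.add(name.upper())
    return paths

def violations(tpl, conf, owner, owner_groups):
    """Restricted attributes that would block a template with this owner.

    Assumption taken from the thread: templates owned by oneadmin (and, in 3.4,
    by members of the oneadmin group) are trusted and not checked.
    """
    if owner == "oneadmin" or "oneadmin" in owner_groups:
        return []
    return sorted(template_paths(tpl) & set(restricted_attrs(conf)))

if __name__ == "__main__":
    print(violations(TEMPLATE, ONED_CONF, "alice", ["users"]))
```

Option 1 corresponds to calling `violations` with `owner="oneadmin"`; option 2 corresponds to a configuration without the `CONTEXT/FILES` line, which lifts the check for every user.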


