[one-users] about restricted attributes in ACLs
Ruben S. Montero
rsmontero at opennebula.org
Tue May 8 13:39:15 PDT 2012
Hi
Bypassing the template checks for oneadmin (and oneadmin group)
templates is in 3.4, Are you trying with this version?
Cheers
Ruben
On Tue, May 8, 2012 at 9:07 AM, Guba Sándor <gubasanyi at gmail.com> wrote:
> Maybe I wrong but when I tryed the 1. method. I could create template and
> change permissions but I could not deploy it with other user than oneadmin.
>
> 2012-05-07 23:06 keltezéssel, Ruben S. Montero írta:
>
>> Hi,
>>
>> You can either
>>
>> 1.- Create the templates with oneadmin and set the permissions so
>> everybody or a set of users can use it (this way the template is
>> considered secure). This can be done with onetemplate chmod or setting
>> up an ACL for more complex sharing needs.
>>
>> 2.- Remove CONTEXT/FILES as a VM_RESTRICTED_ATTR in oned.conf so
>> making FILES a valid attribute for every one.
>>
>> Cheers
>>
>> Ruben
>>
>> On Mon, May 7, 2012 at 6:10 PM, Andreas Calvo<andreas.calvo at scytl.com>
>> wrote:
>>>
>>> As per redmine issue http://dev.opennebula.org/issues/1159 , it seems
>>> that only oneadmin templates are not being checked.
>>> In my scenario, users should be able to create their own templates (or
>>> copy from oneadmin's) and fire up instances accessing CONTEXT/FILES.
>>>
>>> I've granted:
>>> 15 @101 --N------ * u---
>>> 22 @101 -H------- * -m--
>>> 23 @101 V--I-T--- @101 umac
>>> 25 @101 V--I-T--- * ---c
>>>
>>> But when a user creates it's own template and tries to start it, it
>>> complains about restricted attributes in CONTEXT/FILES.
>>>
>>> Is it correct to do it that way?
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
More information about the Users
mailing list