[one-users] Authorization for files datastore

Thu Jun 6 05:42:50 PDT 2013

Hi,

The problem here is that the error message is not clear enough.

Two images cannot have the same name if they are owned by the same user. So
when you use IMAGE="test", that means you are requesting the image with
that name and owned by the user doing the request [1].

If you want to use an image owned by other user, the name is not enough to
identify it, because there could be more than one. This is why you need to
add the owner of the image (with _uname or _uid), or set the image_id
directly.

The error message should be something like Cannot get image named "test"
owned by user <id>. We already have a ticket to change this [2].

Regards

[1] http://opennebula.org/documentation:rel4.0:template#context_section
[2] http://dev.opennebula.org/issues/2093

--
Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin, 24-26
September, 2013
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>

On Thu, Jun 6, 2013 at 2:01 PM, Jacek Jarosiewicz <nebula at supermedia.pl>wrote:

> that's a question for the developers of opennebula.
>
> I'm just a user :)
>
> Cheers,
> J
>
>
> On 06/06/2013 01:21 PM, Steffen Claus wrote:
>
>> Hi,
>> thanx for you reply - your suggestion worked!
>>
>> But as the image name is correct and recognized whenever I instantiate
>> the template with the other user (the one that owns the file in the files
>> datastore) it still looks like a bug to me.
>>
>> BR,
>> Steffen
>>
>> ----- Ursprüngliche Mail -----
>>
>>> Hi,
>>>
>>> This looks like a problem with identifying image by oned, not like a
>>> problem with permissions.
>>>
>>> try: $FILE[IMAGE_ID=<ID>]
>>>
>>> You can obtain image id from `oneimage list' command
>>>
>>> Cheers,
>>> J
>>>
>>> On 06/06/2013 12:27 PM, Steffen Claus wrote:
>>>
>>>> Dear all,
>>>> I have a question regarding the authorization procedure for using
>>>> files within a template.
>>>>
>>>> There are two users within the same group.
>>>> One user uploads a file to the files datastore.
>>>> The other user tries to instantiate a template that uses the
>>>> aforementioned file within the CONTEXT.
>>>>
>>>> No matter how unrestricted I design the ACLS (allow everything on
>>>> the file itself & global ACL for "Documents" resources), it seems
>>>> like only the owner of the file can use it within a template.
>>>>
>>>> --> Error message:
>>>>
>>>> "[TemplateInstantiate] Error allocating a new virtual machine.
>>>> Error parsing: $FILE[IMAGE="test"].
>>>> Cannot get image (check name/ID or try IMAGE_UNAME or IMAGE_UID)."
>>>>
>>>> Is this an expected behaviour/security feature?
>>>> How are the ACLs supposed to look like?
>>>>
>>>> BR,
>>>> Steffen
>>>>
>>>>
>>>>
>>>
>>> --
>>> Jacek Jarosiewicz
>>>
>>>
>>
>
> --
> Jacek Jarosiewicz
>
> ______________________________**_________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/**listinfo.cgi/users-opennebula.**org<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130606/c38afcd8/attachment-0002.htm>