[one-users] restricted_attr in oned.conf of ON44
Ruben S. Montero
rsmontero at opennebula.org
Wed Apr 16 07:37:30 PDT 2014
Hi Hyun
We've taken a look into it and it seems to be working. A couple of notes:
1.- VM Template is checked for restricted attributes if the owner is not
oneadmin (or in oneadmin group). The rationale behind it is that oneadmin
can prepare templates with "unsafe" attributes but let the user instantiate
them (but not set or modify the attributes). We'll make it clearer in the
doc.
2. Disk snapshot operation may use the SOURCE attribute but internally, the
user cannot modify or set the SOURCE attribute.
Hope it makes it clearer.
Cheers
Ruben
On Wed, Apr 16, 2014 at 3:22 PM, Carlos Martín Sánchez <
cmartin at opennebula.org> wrote:
> Hi,
>
> There is not much to it, it should be working as you describe. We'll try
> to reproduce it and fix it for 4.6 if it's broken.
> http://dev.opennebula.org/issues/2838
>
> Regards.
>
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
>
>
> On Tue, Apr 15, 2014 at 5:50 PM, Hyun Woo Kim <hyunwoo at fnal.gov> wrote:
>
>> Hello,
>>
>>
>> http://docs.opennebula.org/4.4/administration/references/oned_conf.html#oned-conf-restricted-attributes-configuration
>> says we can use {VM,IMAGE}_RESTRICTED_ATTR
>> to restrict users outside the oneadmin group
>>
>> but I experiment as a user whose group is users, not oneadmin
>> to launch a VM from a vm.template with CONTEXT/FILES
>> and onevm disk-snapshot command which must use SOURCE attribute,
>> both work, i.e. restricted_attr do not seem to work..
>>
>> Am I missing something?
>>
>> Thanks,
>> Hyunwoo KIM
>> FermiCloud
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
--
--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140416/d7affba3/attachment-0002.htm>
More information about the Users
mailing list