[one-users] How to protect a virtual network from being used by users?

Hamada, Ondrej ondrej.hamada at acision.com
Fri Oct 24 06:33:38 PDT 2014


Hi Pavel,

Have you checked ACLs as well? I guess that one of the default ACLs grants all users the 'use' permission for all 'networks'.

Ondra

-----Original Message-----
From: Users [mailto:users-bounces at lists.opennebula.org] On Behalf Of Pavel Tankov
Sent: Friday, October 24, 2014 12:09 PM
To: users at lists.opennebula.org
Subject: [one-users] How to protect a virtual network from being used by users?

Hello,

I (as oneadmin) have configured two virtual networks:
- one named "default" for use by regular users to deploy disposable test VMs
- one named "SPECIAL" for use by the admin to create servers that will not be disposable but will stay always ON

Both networks have different IP ranges so that you could easily tell whether it's a server or a disposable test VM by looking at its IP address.

I have set up OpenNebula with LDAP authentication. LDAP users authenticate just fine and are able to create themselves VMs using those templates that the admin has allowed for them. Now, I'd like to make it so that only "default" virtual network is exposed to regular users, and "SPECIAL" is not seen by them.

Currently, both networks have the following permissions:

- Owner: use, manage
- Group: <none>
- Other: <none>

Users still can use both of these when they deploy a test VM although permissions clearly state they shouldn't be able to see any of them.

What is wrong with the permissions?

--
Pavel Tankov
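
The ACL check suggested in the reply can be modelled offline. This is an added example, not part of the thread or of OpenNebula's code: it assumes the `<user> <resources>/<target> <rights>` rule-string syntax and that ACL rules are purely additive, so a matching rule allows the request even when the Group and Other permission bits are empty. All user IDs, network IDs and rules are constructed.

```python
import re

# Assumed rule-string syntax: "<user> <TYPE+TYPE>/<target> <RIGHT+RIGHT>"
#   user:   *  | #<uid> | @<gid>;   target: * | #<object id> | @<object gid>
RULE_RE = re.compile(r"^(\*|[#@]\d+)\s+([A-Z+]+)/(\*|[#@]\d+)\s+([A-Z+]+)$")

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unparsable ACL rule: {text!r}")
    who, types, target, rights = m.groups()
    return who, set(types.split("+")), target, set(rights.split("+"))

def _matches(selector, obj_id, group_ids):
    """True if '*', '#id' or '@gid' selects the given id / group ids."""
    if selector == "*":
        return True
    value = int(selector[1:])
    return value == obj_id if selector[0] == "#" else value in group_ids

def rules_granting(rules, uid, gids, rtype, obj_id, obj_gid, right):
    """Return the rules that allow `right` on the object for this user."""
    hits = []
    for text in rules:
        who, types, target, rights = parse_rule(text)
        if (rtype in types and right in rights
                and _matches(who, uid, gids)
                and _matches(target, obj_id, {obj_gid})):
            hits.append(text)
    return hits

# Constructed data: LDAP user 5 in group 1; networks "default" (#0) and
# "SPECIAL" (#1), both owned by group 0 with empty Group/Other permission bits.
BROAD = ["@1 VM+IMAGE+TEMPLATE/* CREATE", "* NET/* USE"]
SCOPED = ["@1 VM+IMAGE+TEMPLATE/* CREATE", "@1 NET/#0 USE"]

def audit(rules):
    """Map each network name to the rules that let user 5 USE it."""
    return {name: rules_granting(rules, 5, {1}, "NET", net_id, 0, "USE")
            for name, net_id in (("default", 0), ("SPECIAL", 1))}

if __name__ == "__main__":
    print("broad :", audit(BROAD))   # both networks usable via '* NET/* USE'
    print("scoped:", audit(SCOPED))  # only "default" remains usable
```

With the blanket network rule in place, both networks are usable regardless of their permission bits; scoping the rule to the "default" network's ID leaves "SPECIAL" with no granting rule.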