WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-users] console access to non root xen 3.0

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] console access to non root xen 3.0
From: Dominic Hargreaves <dom@xxxxxxxx>
Date: Wed, 5 Apr 2006 16:12:55 +0100
On Wed, Apr 05, 2006 at 10:19:11AM -0400, Steve Brueckner wrote:
> the user permission to execute 'xm console'. For access to a specific domU
> you'd also need to use a separate domU config file for that domain, and give
> the user additional sudo access to execute 'xm list.' Then you can write a
> little script the user can execute (but not write!) that will list running
> domU's, grep the results for the custom config file name, and awk the output
> line for that domain's Id. Finally, the script would call 'xm console
> <id>'.
Ick! No.

Just give them sudo access to run /usr/sbin/xm console <their name>.
There's no need to parse the output of xm list.

As part of my domain setup script I have

echo "$1 ALL=NOPASSWD:/usr/sbin/xm console $1, /usr/sbin/xm create -c /etc/xen/hosted/$1, /usr/sbin/xm destroy $1, /usr/sbin/reimage-dom $1 ?" >> /etc/sudoers

where reimage-dom is a script that unpacks a fresh tarball onto their
filesystem. Their shell is then set to a custom shell script which
provides a menu interface to let them run these commands, and these
only.

Don't ever let users onto a dom0 machine unless you want them to have
effective root onto all machines. The stakes are too high.

Cheers,

Dominic.
-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
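
An added example, not part of the original message or the poster's setup script: the same per-user rule, generated only after the name has been checked so that it cannot add extra commands, users or paths to the sudoers entry. The name policy, the `/etc/sudoers.d` drop-in directory, the `xen-` file prefix and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # make the a-z ranges below ASCII-only

# Assumption: login name == domU name, lowercase letter first, then
# letters, digits, '_' or '-', at most 32 characters.
valid_name() {
    case "$1" in
        ""|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the rule from the message for one user/domain (the trailing '?'
# after reimage-dom is kept as posted). Fails on names that could add
# extra commands, users or paths to the rule.
sudoers_line() {
    valid_name "$1" || { echo "refusing name: $1" >&2; return 1; }
    printf '%s ALL=NOPASSWD: /usr/sbin/xm console %s, /usr/sbin/xm create -c /etc/xen/hosted/%s, /usr/sbin/xm destroy %s, /usr/sbin/reimage-dom %s ?\n' \
        "$1" "$1" "$1" "$1" "$1"
}

# Write the rule to its own drop-in file, keeping it only if visudo
# (when installed) accepts the syntax. $2: target directory (assumed).
install_rule() {
    dir=${2:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    if sudoers_line "$1" > "$tmp" &&
       { ! command -v visudo >/dev/null 2>&1 || visudo -cf "$tmp" >/dev/null; } &&
       chmod 0440 "$tmp" && mv "$tmp" "$dir/xen-$1"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

A separate file per user also means a rule can be withdrawn by deleting that file rather than editing /etc/sudoers.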