[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Xen and Enomaly


  • To: Olivier LAMBERT <lambert.olivier@xxxxxxxxx>
  • From: Thiago Camargo Martins Cordeiro <thiagocmartinsc@xxxxxxxxx>
  • Date: Fri, 11 Sep 2009 19:00:06 -0300
  • Cc: Grant McWilliams <grantmasterflash@xxxxxxxxx>, xen-users@xxxxxxxxxxxxxxxxxxx, Longina Przybyszewska <longina@xxxxxxxxxxxx>
  • Delivery-date: Fri, 11 Sep 2009 15:01:04 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=BsFKoo9c/5+xQ6wFfWjnPE/A6QU4jhrPof5+6lJ0INYRCNoOoGP7sIqqi2cE/R7Te5 27MDkewD5BM6gvAcJfRpgSZHNjgHTHbgPivl4SdvpKm27v/xyAwfM0GTFI3HWGJB9orm VfU2dAOopy3jvvDk3v9dsUxTmqnONR2fX+RSg=
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

That's the way the Eucalyptus works!  :-D

2009/9/11 Olivier LAMBERT <lambert.olivier@xxxxxxxxx>
1) Yes, in the first step, the htaccess restrict only for the page :
after correct login, you can admin everything.
2) But your feature is an interesting one, so I'll do my best to
implement this functionality, seems to be able to that fast => sql
table with which user can view assigned VM (admin can view/edit every
VM, guest can only view and Bob can edit its "own" for example).

Thanks for your idea.

Regards,


Olivier.

On Fri, Sep 11, 2009 at 10:49 PM, Grant McWilliams
<grantmasterflash@xxxxxxxxx> wrote:
>>
>>
>> So, no root or other stuff like that. In my case, I choose to make
>> things simple : just an htaccess (so far).
>>
>> With the API, you've got access to the entire Xen daemon, but I think
>> it's not so hard to restrict an user to a VM (or more). It's "just" an
>> added layer, can be interfaced with ldap, mysql or pgsql database,
>> with adaquates informations on users.
>>
>> For your "feature request", I think I'll do, but in a first time, my
>> goal is to admin Xen easily. But ASAP, I'll try to respond to your
>> request.
>> And as it's a open source project, everyone can contribute, so.. more
>> we are, more the project will be great :)
>>
>> Regards,
>
> So currently you're using .htaccess to limit who can connect and control the
> VMs but if I understand you there's no limit what that person can do?
> If Bob (we like calling him Bob) logs into Orchestra he can restart ALL VMs?
> I don't know if this helps me any since I could just grant people sudo
> access to the xm command.
>
> If however you set it up so there's a database table that lists access
> rights and when creating a VM you assign admins to it this would be ideal.
> If Bob logs in your code would look up the database record to see what bob
> could do and restrict his actions to his own VM. Like you said I don't think
> this would be difficult code but for my project definitely needed. It's
> already very easy to start/stop domUs. I could set up a web page in about 30
> seconds that does the same thing (locally) without even using the API. I
> realize this is not what you're doing and that the project will grow but I'm
> hoping that this will be a feature you add fairly soon or I can if I have
> time. If I don't have that then it's no more useful than what I have now.
> :-)
>
> Grant McWilliams.
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.