[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] xm command as non-root


  • From: Jakub Kulesza <jakkul@xxxxxxxxx>
  • Date: Thu, 6 Jun 2013 17:05:09 +0200
  • Cc: xen-users <xen-users@xxxxxxxxxxxxx>
  • Delivery-date: Thu, 06 Jun 2013 15:06:09 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

In this case I would recommend:
- configuring sudo to run xm as root without password
- setting up a script named "xm" in your /usr/bin/local that would do "sudo /usr/sbin/xm $@" since xm is in /usr/sbin and normal users won't reach there

and you're done!


2013/6/6 mitch@xxxxxxxxxxxx <mitch@xxxxxxxxxxxx>

Setuid / setgid only works if a program is designed to work that way though – right?

So I’m presuming you know that xm / xl are?

A lot of programs used to NOT go to that extra effort – I guess there are more opportunities for abuse right?

It’s kind of why sudo got created – sort of a wrapper for the functionality iirc.

I never would have expected xm/xl to be ready for that or thought it would have been in the man or something J

Maybe it is somewhere.

Cheers!

M

 

From: xen-users-bounces@xxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jakub Kulesza
Sent: June 6, 2013 5:07 AM
Cc: xen-users
Subject: Re: [Xen-users] xm command as non-root

 

Here you can find information on what needs to be done :D

 

 

real question is why you want to do it? If you use this method everyone, or a specified group will have the right to run the file.

 

2013/6/6 Jaya Dhanesh <jaya.dhanesh@xxxxxxxxxxxx>

Thanks folks, I am aware of sudo but wont be able to take that option. Is there any other way?


On 06/06/2013 12:11 AM, Sean Greenslade wrote:

On Wed, Jun 05, 2013 at 06:37:41PM +0000, mitch@xxxxxxxxxxxx wrote:

I'm going to go out on a limb here and say (without testing) that you could set up sudo?
Sudo will allow you to configures users who can run commands (and what commands they can run) as another user (including of course root).
Some distros insist this is the only way to run root commands - lots of options, but that might be the best thing to look at?
HTH
m

Yes, sudo works perfectly for xm / xl. In fact, there are ways that you
can configure sudo to not require a password on certain commands. It
reduces the security of your system (obviously), but if you only set it
up for commands that can't do damage (e.g. xl list), you should be OK.

--Sean




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users



 

--
Pozdrawiam
Jakub Kulesza




--
Pozdrawiam
Jakub Kulesza
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.