[Kimchi-devel] Authorization: allow root user specify users/groups to a VM

Yu Xin Huo huoyuxin at linux.vnet.ibm.com
Tue Jul 8 10:09:42 UTC 2014 

I tried below:



On my linux workstation, I only created 2 users: 'root' and 'tify'.

Most of users and groups below look like system users and groups target 
for quite specific purpose.
Can we do some filtering to only get users and groups that truly related 
to VM assignment?

curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept: 
application/json" https://localhost:8001/host/users
[
   "root",
   "bin",
   "daemon",
   "adm",
   "lp",
   "sync",
   "shutdown",
   "halt",
   "mail",
   "uucp",
   "operator",
   "games",
   "gopher",
   "ftp",
   "nobody",
   "dbus",
   "usbmuxd",
   "rpc",
   "vcsa",
   "rtkit",
   "avahi-autoipd",
   "saslauth",
   "postfix",
   "rpcuser",
   "nfsnobody",
   "ntp",
   "apache",
   "radvd",
   "haldaemon",
   "qemu",
   "pulse",
   "gsanslcd",
   "nm-openconnect",
   "gdm",
   "sshd",
   "tcpdump",
   "tify",
   "nginx"
]

curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept: 
application/json" https://localhost:8001/host/groups
[
   "root",
   "bin",
   "daemon",
   "sys",
   "adm",
   "tty",
   "disk",
   "lp",
   "mem",
   "kmem",
   "wheel",
   "mail",
   "uucp",
   "man",
   "games",
   "gopher",
   "video",
   "dip",
   "ftp",
   "lock",
   "audio",
   "nobody",
   "users",
   "dbus",
   "utmp",
   "utempter",
   "usbmuxd",
   "rpc",
   "avdefs",
   "floppy",
   "vcsa",
   "desktop_admin_r",
   "desktop_user_r",
   "rtkit",
   "avahi-autoipd",
   "cdrom",
   "tape",
   "dialout",
   "wbpriv",
   "cgred",
   "saslauth",
   "postdrop",
   "postfix",
   "rpcuser",
   "nfsnobody",
   "ntp",
   "apache",
   "radvd",
   "haldaemon",
   "kvm",
   "qemu",
   "pulse",
   "pulse-access",
   "fuse",
   "ldap",
   "nm-openconnect",
   "gdm",
   "stapusr",
   "stapsys",
   "stapdev",
   "sshd",
   "tcpdump",
   "slocate",
   "tify",
   "screen",
   "nginx"
]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140708/9f89c8bd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jjhcebbi.png
Type: image/png
Size: 3578 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20140708/9f89c8bd/attachment.png>

More information about the Kimchi-devel mailing list