Authorization: allow root user specify users/groups to a VM

I tried below:

On my Linux workstation, I only created 2 users: 'root' and 'tify'.
Most of the users and groups below look like system users and groups targeted at quite specific purposes. Can we do some filtering to only get users and groups that are truly related to VM assignment?

curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept: application/json" https://localhost:8001/host/users
[ "root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "uucp", "operator", "games", "gopher", "ftp", "nobody", "dbus", "usbmuxd", "rpc", "vcsa", "rtkit", "avahi-autoipd", "saslauth", "postfix", "rpcuser", "nfsnobody", "ntp", "apache", "radvd", "haldaemon", "qemu", "pulse", "gsanslcd", "nm-openconnect", "gdm", "sshd", "tcpdump", "tify", "nginx" ]

curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept: application/json" https://localhost:8001/host/groups
[ "root", "bin", "daemon", "sys", "adm", "tty", "disk", "lp", "mem", "kmem", "wheel", "mail", "uucp", "man", "games", "gopher", "video", "dip", "ftp", "lock", "audio", "nobody", "users", "dbus", "utmp", "utempter", "usbmuxd", "rpc", "avdefs", "floppy", "vcsa", "desktop_admin_r", "desktop_user_r", "rtkit", "avahi-autoipd", "cdrom", "tape", "dialout", "wbpriv", "cgred", "saslauth", "postdrop", "postfix", "rpcuser", "nfsnobody", "ntp", "apache", "radvd", "haldaemon", "kvm", "qemu", "pulse", "pulse-access", "fuse", "ldap", "nm-openconnect", "gdm", "stapusr", "stapsys", "stapdev", "sshd", "tcpdump", "slocate", "tify", "screen", "nginx" ]

Maybe we can filter users by the UID > 999

User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.

But I could not find any criteria we can use for groups

Reference:
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
http://www.cyberciti.biz/faq/understanding-etcgroup-file/

On 07/08/2014 07:09 AM, Yu Xin Huo wrote:
> I tried below:
>
> On my Linux workstation, I only created 2 users: 'root' and 'tify'.
> Most of the users and groups below look like system users and groups targeted at quite specific purposes. Can we do some filtering to only get users and groups that are truly related to VM assignment?
>
> curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept: application/json" https://localhost:8001/host/users
> [ "root", "bin", "daemon", "adm", "lp", "sync", "shutdown", "halt", "mail", "uucp", "operator", "games", "gopher", "ftp", "nobody", "dbus", "usbmuxd", "rpc", "vcsa", "rtkit", "avahi-autoipd", "saslauth", "postfix", "rpcuser", "nfsnobody", "ntp", "apache", "radvd", "haldaemon", "qemu", "pulse", "gsanslcd", "nm-openconnect", "gdm", "sshd", "tcpdump", "tify", "nginx" ]
>
> curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept: application/json" https://localhost:8001/host/groups
> [ "root", "bin", "daemon", "sys", "adm", "tty", "disk", "lp", "mem", "kmem", "wheel", "mail", "uucp", "man", "games", "gopher", "video", "dip", "ftp", "lock", "audio", "nobody", "users", "dbus", "utmp", "utempter", "usbmuxd", "rpc", "avdefs", "floppy", "vcsa", "desktop_admin_r", "desktop_user_r", "rtkit", "avahi-autoipd", "cdrom", "tape", "dialout", "wbpriv", "cgred", "saslauth", "postdrop", "postfix", "rpcuser", "nfsnobody", "ntp", "apache", "radvd", "haldaemon", "kvm", "qemu", "pulse", "pulse-access", "fuse", "ldap", "nm-openconnect", "gdm", "stapusr", "stapsys", "stapdev", "sshd", "tcpdump", "slocate", "tify", "screen", "nginx" ]

On 07/08/2014 12:26 PM, Aline Manera wrote:
> Maybe we can filter users by the UID > 999
>
> User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.

Seems it is not true for all distributions:
http://refspecs.linux-foundation.org/LSB_3.2.0/LSB-Core-generic/LSB-Core-gen...
The spec only mentions UIDs up to 500.
So adding a filter to users/groups is not a good idea.

> But I could not find any criteria we can use for groups
>
> Reference:
> http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
> http://www.cyberciti.biz/faq/understanding-etcgroup-file/
_______________________________________________
Kimchi-devel mailing list
Kimchi-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/kimchi-devel
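
Added example, not part of the original thread and not Kimchi code: one way to apply the UID filter proposed above while respecting the objection that the cutoff differs between distributions is to read UID_MIN/UID_MAX and GID_MIN/GID_MAX from the host's /etc/login.defs instead of hardcoding 999. The login.defs, passwd and group contents, the fallback values and the function names are constructed for illustration; accounts from LDAP or other NSS sources are not covered.

```python
import re

# Constructed sample inputs (not taken from the host in the thread).
LOGIN_DEFS = "UID_MIN 500\nUID_MAX 60000\nGID_MIN 500\nGID_MAX 60000\n"
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
qemu:x:107:107:qemu user:/:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
tify:x:500:500::/home/tify:/bin/bash
"""
GROUP = """\
root:x:0:
kvm:x:36:qemu
nfsnobody:x:65534:
tify:x:500:
"""
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
# Assumed fallback, used only when login.defs does not set a value.
FALLBACK = {"UID_MIN": 1000, "UID_MAX": 60000, "GID_MIN": 1000, "GID_MAX": 60000}

def id_ranges(login_defs_text):
    """Read this host's ID ranges rather than hardcoding a cutoff."""
    ranges = dict(FALLBACK)
    for line in login_defs_text.splitlines():
        m = re.match(r"\s*([UG]ID_M(?:IN|AX))\s+(\d+)", line)
        if m:
            ranges[m.group(1)] = int(m.group(2))
    return ranges

def regular_users(passwd_text, r):
    """Names whose UID is in the regular range and whose shell allows login."""
    users = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) != 7 or not f[2].isdigit():
            continue  # skip malformed entries
        # The upper bound matters: nfsnobody (65534) is above UID_MIN too.
        if r["UID_MIN"] <= int(f[2]) <= r["UID_MAX"] and f[6] not in NOLOGIN_SHELLS:
            users.append(f[0])
    return users

def regular_groups(group_text, r):
    """Names whose GID is in the regular range (groups have no shell to check)."""
    groups = []
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) == 4 and f[2].isdigit() and r["GID_MIN"] <= int(f[2]) <= r["GID_MAX"]:
            groups.append(f[0])
    return groups
```

With the sample login.defs both functions return only 'tify'; with the fallback cutoff of 1000 the same passwd data yields no users at all, which is the distribution-dependence raised in the reply.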