Re: [Users] ovirt-shell as ForceCommand for ssh logins
On 12/19/2012 12:22 PM, Jiri Belka wrote:
Hi,
ForceCommand for ssh session can force command for logging user.
Problem is ovirt-shell enables shell commands, that's not nice if we
would just want to give sysadmins some "restricted" cli for managing
oVirt environment.
Why wouldn't you restrict user's permissions via oVirt MLA?,
then you just give him permissions to perform certain actions
what is works across the stack ui/api/sdk/cli ...
1. Could be implemented an option to disable these shell "escapes"?
Like '-S', so it would be 'comment="/usr/bin/ovirt-shell
-S"' in
user's authorized_keys.
2. Could be implemented an ovirt-shell command like 'set' to set
configuration from ovirt-shell and save it(yes, user in ovirt-shell
should not touch filesystem directly)?
Example:
> set username = "foo@domain"
> save -a # save all runtime settings
3. Aliases like in lftp client?
> alias lsvmmyvm list vms --query "name=myvm*"
> save alias lsvmmyvm
Sounds interesting, can you file RFE on this?
jbelka
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Michael Pasternak
RedHat, ENG-Virtualization R&D