On 12/19/2012 12:22 PM, Jiri Belka wrote:
Hi,
ForceCommand for ssh session can force command for logging user.
Problem is ovirt-shell enables shell commands, that's not nice if we would just want to give sysadmins some "restricted" cli for managing oVirt environment.
Why wouldn't you restrict user's permissions via oVirt MLA?, then you just give him permissions to perform certain actions what is works across the stack ui/api/sdk/cli ...
1. Could be implemented an option to disable these shell "escapes"?
Like '-S', so it would be 'comment="/usr/bin/ovirt-shell -S"' in user's authorized_keys.
2. Could be implemented an ovirt-shell command like 'set' to set configuration from ovirt-shell and save it(yes, user in ovirt-shell should not touch filesystem directly)?
Example:
set username = "foo@domain" save -a # save all runtime settings
3. Aliases like in lftp client?
alias lsvmmyvm list vms --query "name=myvm*" save alias lsvmmyvm
Sounds interesting, can you file RFE on this?
jbelka
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Michael Pasternak RedHat, ENG-Virtualization R&D