[Kimchi-devel] Authorization: allow root user specify users/groups to a VM

Aline Manera alinefm at linux.vnet.ibm.com
Tue Jul 8 15:26:26 UTC 2014 

Maybe we can filter users by the UID > 999

User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) 
is reserved for root and UIDs 1-99 are reserved for other predefined 
accounts. Further UID 100-999 are reserved by system for administrative 
and system accounts/groups.

But I could not find any criteria we can use for groups

Reference:
http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
http://www.cyberciti.biz/faq/understanding-etcgroup-file/


On 07/08/2014 07:09 AM, Yu Xin Huo wrote:
> I tried below:
>
>
>
> On my linux workstation, I only created 2 users: 'root' and 'tify'.
>
> Most of users and groups below look like system users and groups target
> for quite specific purpose.
> Can we do some filtering to only get users and groups that truly related
> to VM assignment?
>
> curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept:
> application/json" https://localhost:8001/host/users
> [
>    "root",
>    "bin",
>    "daemon",
>    "adm",
>    "lp",
>    "sync",
>    "shutdown",
>    "halt",
>    "mail",
>    "uucp",
>    "operator",
>    "games",
>    "gopher",
>    "ftp",
>    "nobody",
>    "dbus",
>    "usbmuxd",
>    "rpc",
>    "vcsa",
>    "rtkit",
>    "avahi-autoipd",
>    "saslauth",
>    "postfix",
>    "rpcuser",
>    "nfsnobody",
>    "ntp",
>    "apache",
>    "radvd",
>    "haldaemon",
>    "qemu",
>    "pulse",
>    "gsanslcd",
>    "nm-openconnect",
>    "gdm",
>    "sshd",
>    "tcpdump",
>    "tify",
>    "nginx"
> ]
>
> curl -k -u root:pass -H "Content-Type: applicaion/json" -H "Accept:
> application/json" https://localhost:8001/host/groups
> [
>    "root",
>    "bin",
>    "daemon",
>    "sys",
>    "adm",
>    "tty",
>    "disk",
>    "lp",
>    "mem",
>    "kmem",
>    "wheel",
>    "mail",
>    "uucp",
>    "man",
>    "games",
>    "gopher",
>    "video",
>    "dip",
>    "ftp",
>    "lock",
>    "audio",
>    "nobody",
>    "users",
>    "dbus",
>    "utmp",
>    "utempter",
>    "usbmuxd",
>    "rpc",
>    "avdefs",
>    "floppy",
>    "vcsa",
>    "desktop_admin_r",
>    "desktop_user_r",
>    "rtkit",
>    "avahi-autoipd",
>    "cdrom",
>    "tape",
>    "dialout",
>    "wbpriv",
>    "cgred",
>    "saslauth",
>    "postdrop",
>    "postfix",
>    "rpcuser",
>    "nfsnobody",
>    "ntp",
>    "apache",
>    "radvd",
>    "haldaemon",
>    "kvm",
>    "qemu",
>    "pulse",
>    "pulse-access",
>    "fuse",
>    "ldap",
>    "nm-openconnect",
>    "gdm",
>    "stapusr",
>    "stapsys",
>    "stapdev",
>    "sshd",
>    "tcpdump",
>    "slocate",
>    "tify",
>    "screen",
>    "nginx"
> ]

More information about the Kimchi-devel mailing list