[Users] ovirt-shell as ForceCommand for ssh logins

Michael Pasternak mpastern at redhat.com
Wed Dec 19 14:35:43 UTC 2012


On 12/19/2012 12:22 PM, Jiri Belka wrote:
> Hi,
> 
> ForceCommand for ssh session can force command for logging user.
> 
> Problem is ovirt-shell enables shell commands, that's not nice if we
> would just want to give sysadmins some "restricted" cli for managing
> oVirt environment.

Why wouldn't you restrict user's permissions via oVirt MLA?,
then you just give him permissions to perform certain actions
what is works across the stack ui/api/sdk/cli ...

> 
> 1. Could be implemented an option to disable these shell "escapes"?
> 
>    Like '-S', so it would be 'comment="/usr/bin/ovirt-shell -S"' in
>    user's authorized_keys.
> 
> 2. Could be implemented an ovirt-shell command like 'set' to set
>    configuration from ovirt-shell and save it(yes, user in ovirt-shell
>    should not touch filesystem directly)?
> 
>    Example:
> 
>    > set username = "foo at domain"
>    > save -a # save all runtime settings
> 
> 3. Aliases like in lftp client?
> 
>    > alias lsvmmyvm list vms --query "name=myvm*"
>    > save alias lsvmmyvm

Sounds interesting, can you file RFE on this?

> 
> jbelka
> 
> 
>    
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users


-- 

Michael Pasternak
RedHat, ENG-Virtualization R&D



More information about the Users mailing list