[Users] ovirt-shell as ForceCommand for ssh logins
Michael Pasternak
mpastern at redhat.com
Wed Dec 19 14:35:43 UTC 2012
On 12/19/2012 12:22 PM, Jiri Belka wrote:
> Hi,
>
> ForceCommand for ssh session can force command for logging user.
>
> Problem is ovirt-shell enables shell commands, that's not nice if we
> would just want to give sysadmins some "restricted" cli for managing
> oVirt environment.
Why wouldn't you restrict user's permissions via oVirt MLA?,
then you just give him permissions to perform certain actions
what is works across the stack ui/api/sdk/cli ...
>
> 1. Could be implemented an option to disable these shell "escapes"?
>
> Like '-S', so it would be 'comment="/usr/bin/ovirt-shell -S"' in
> user's authorized_keys.
>
> 2. Could be implemented an ovirt-shell command like 'set' to set
> configuration from ovirt-shell and save it(yes, user in ovirt-shell
> should not touch filesystem directly)?
>
> Example:
>
> > set username = "foo at domain"
> > save -a # save all runtime settings
>
> 3. Aliases like in lftp client?
>
> > alias lsvmmyvm list vms --query "name=myvm*"
> > save alias lsvmmyvm
Sounds interesting, can you file RFE on this?
>
> jbelka
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
--
Michael Pasternak
RedHat, ENG-Virtualization R&D
More information about the Users
mailing list