[Fedora-xen] allow non-root user to stop/start xen host
Daniel P. Berrange
berrange at redhat.com
Fri Dec 8 19:52:51 UTC 2006
On Fri, Dec 08, 2006 at 02:29:38PM -0500, Gary Siao wrote:
> hi gurus
>
> i am a newbie to XEN and would like to know if there's a way to allow
> non-root user to use the XM command to stop and start XEN VM hosts.
No standard tools allow this[1]. Letting non-root users stop/start guests is
a potential security hole, because the back-end drivers for the guest access
many privileged files / system resources in Dom0.
Regards,
Dan.
[1] Well technically you can enable HTTP access in XenD, but this is akin
to running a telnet / ssh server with no root password - incredibly
foolish if you care about integrity of your machine.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
More information about the Fedora-xen
mailing list