[libvirt] Group for accessing one/all VM graphics and not virsh
reeted at shiftmail.org
Mon Dec 5 17:41:54 UTC 2011
Hello libvirt people,
is there a (preferably simple) way in Linux to allow a certain set of
users to be able to do:
virt-viewer --connect qemu+ssh://username@virthost/system vmname
for connecting to virt-viewer BUT without letting them do all the other
things that can be done with virsh?
I know that if I add them to the libvirtd and kvm groups, they will be
able to connect with virt-viewer to any virtual machine AND ALSO do any
virsh command on any virtual machine. This is too much permission.
I can accept the first part (a way to allow a group of user to connect
with virt-viewer to all the virtual machines of the host) since more
restriction can be enforced by using VNC passwords... But if they are
also able to do anything in virsh that's too much.
I am using only qemu and kvm in libvirt.
More information about the libvir-list