hi gurus
i am a newbie to XEN and would like to know if there's a way to allow non-root user to use the XM command to stop and start XEN VM hosts.
thanks !
On Fri, Dec 08, 2006 at 02:29:38PM -0500, Gary Siao wrote:
hi gurus
i am a newbie to XEN and would like to know if there's a way to allow non-root user to use the XM command to stop and start XEN VM hosts.
No standard tools allow this[1]. Letting non-root users stop/start guests is a potential security hole, because the back-end drivers for the guest access many privileged files / system resources in Dom0.
Regards, Dan.
[1] Well technically you can enable HTTP access in XenD, but this is akin to running a telnet / ssh server with no root password - incredibly foolish if you care about integrity of your machine.
On Fri, Dec 08, 2006, Daniel P. Berrange wrote:
On Fri, Dec 08, 2006 at 02:29:38PM -0500, Gary Siao wrote:
hi gurus
i am a newbie to XEN and would like to know if there's a way to allow non-root user to use the XM command to stop and start XEN VM hosts.
No standard tools allow this[1]. Letting non-root users stop/start guests is a potential security hole, because the back-end drivers for the guest access many privileged files / system resources in Dom0.
You could also use sudo. xm is just 'another command' (with, as Daniel said, all the potential security issues.)
Adrian
-
Adrian Chadd -
Daniel P. Berrange -
Gary Siao