WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] console access to non root xen 3.0

Subject: Re: [Xen-users] console access to non root xen 3.0
From: Szalai Ferenc <szferi@xxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Apr 2006 10:46:15 +0200
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 06 Apr 2006 01:46:48 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <60D45469A1AAD311A04C009027B6BF6805E3873D@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <60D45469A1AAD311A04C009027B6BF6805E3873D@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Debian Thunderbird 1.0.7 (X11/20051017)
Steve Brueckner wrote:

Andrew Thompson wrote:
On Wed, Apr 05, 2006 at 09:09:30AM +0200, Szalai Ferenc wrote:
Hi,

Is there any regular way to give console access to specified domU to
not root user? How xen domain providers can solve this problem with
xen 3.x?
Unixshell provides console access to their customers via ssh on an
alternate port(not 22). I know it can be done, I'm just not sure how
they're doing it.
For my personal use, I use xm console as root. A couple of times I've
tried to figure out xencons, but didn't get any further than:
xen ~ # man xencons
No manual entry for xencons
xen ~ # xencons --help
/usr/bin/xencons <host> <port>

If you mean local access (not via the network) then you can use sudo to give
the user permission to execute 'xm console'.  For access to a specific domU
you'd also need to use a separate domU config file for that domain, and give
the user additional sudo access to execute 'xm list.'  Then you can write a
little script the user can execute (but not write!) that will list running
domU's, grep the results for the custom config file name, and awk the output
line for that domain's Id.  Finally, the script would call 'xm console
<id>'.
Yes, the sudo based solutions can be used but I would be very happy if I should not give any kind of direct acces to my dom0 to my useres. So I very intrested for other solution when the console privider application (xencons, xm list etc.) runs in different host than dom0.

--

Regards,
Ferenc


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>