Simpler solution is using the SYSVINIT package that Adam wrote to manage the access control lists for the switches. It has facilities to help somewhat with this problem, and the price is right.
On 4/21/09 1:58 PM, "RPN01" <[email protected]> wrote: The problem is that not everyone wants to purchase an external security manager simply to get this feature. We have no need for an ESM, as, if one of our four users get out of line, we can just walk over to their cube and whack them with a board. I'm not buying an ESM to un-secure a single entity in an already closed box. That makes no sense at all. No humans use the box directly, and we grant the vSwitch to just short of every virtual machine that uses the box. To have to go through the grant process, no matter if it is in the CP directory, in System Config, or in Autolog1, for every new machine that gets created, and to open the door for human error by forgetting to grant this resource, which needs to be available for everyone on the system, seems at best to be an oversight on IBM's part. ESMs are not the solution to this problem. Sorry. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
