Hi, I'd say that the current supported approach is created a datastore for each group as:
1.- Create the datastore for each group 2.- Set SAFE_DIRS for the datastore 3.- Set the ACLs so just the desired group can make use of the Datasore Cheers Ruben On Fri, Jun 8, 2012 at 8:35 AM, Jhon Masschelein <jhon.masschel...@sara.nl> wrote: > Hi, > > I've recently been playing with those settings and we would really like it > if the directives could contain parameters. > > For example, I would like to give access to /Repo/[onegroup]/images or > /repo/[oneuser]/images to the respective groups and users only. > > But as far as I can see, the remote script that does the check (fsrc) does > not know the ONE user or group that is requesting access. > > Wkr, > > Jhon > > On 06/08/2012 12:17 AM, Ruben S. Montero wrote: >> >> Hi >> >> In order to prevent the registration of "unsecure" files (e.g. oneadmin >> ssh key, the whole OpenNebula db) There are certain directories >> restricted to copy from (note that cp operations are made with the >> oneadmin identity). >> >> This can be configured per Datastore as explained in [1]. >> >> So >> >> $ onedatastore update 100 >> >> and then add in the editor session opened by the command: >> >> SAFE_DIRS = "/home/oneadmin/images/" >> >> Cheers >> >> Ruben >> >> [1] >> http://www.opennebula.org/documentation:rel3.4:fs_ds#configuring_the_filesystem_datastores >> >> >> On Thu, Jun 7, 2012 at 4:36 PM, Massimo Canonico <m...@di.unipmn.it> wrote: >>> >>> Hi all, >>> after launching this command: >>> oneimage create ubuntu.oneimg --datastore 100 >>> >>> I got an error: >>> MESSAGE="Error copying image in the repository: Not allowed to copy image >>> file /home/oneadmin/images/CentOS-6.2.img" >>> >>> I have just two machines and they do not share a filesystem, so I decided >>> to >>> create a datastore with "fs" as TYPE and "ssh" as TM: >>> [oneadmin@minicloud03 images]$ onedatastore list >>> ID NAME CLUSTER IMAGES TYPE TM >>> 0 system - 0 - shared >>> 1 default - 0 fs shared >>> 100 minicloudDS - 1 fs ssh >>> >>> Now, I think that the problem is in the host machine. Considering that in >>> the front-end I have used the self-contained mode, which directory should >>> be >>> available in the host? >>> >>> In the host I have a user called "oneadmin" which the home directory is >>> "/var/lib/one". I have created in the host a directory >>> (/var/lib/one/datastores) with no luck. >>> >>> From the front-end to host (minicloud.di.unipmn.it), this command works >>> without problem (no passwd is required): >>> scp <file> minicloud.di.unipmn.it:/var/lib/one/ >>> >>> May you explain me where the image will be copied? >>> >>> Thanks, >>> Massimo >>> _______________________________________________ >>> Users mailing list >>> Users@lists.opennebula.org >>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> >> > > -- > Jhon Masschelein > Senior Systeemprogrammeur > SARA - HPCV > > Science Park 140 > 1098 XG Amsterdam > T +31 (0)20 592 8099 > F +31 (0)20 668 3167 > M +31 (0)6 4748 9328 > E jhon.masschel...@sara.nl > http://www.sara.nl > > > _______________________________________________ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org -- Ruben S. Montero, PhD Project co-Lead and Chief Architect OpenNebula - The Open Source Solution for Data Center Virtualization www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula _______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
