Hi

Not all CONTEXT attributes are restricted; only FILES is. So we only let
oneadmin use CONTEXT/FILES. The rationale behind this is that CONTEXT/FILES
means accessing the filesystem using oneadmin privileges, and so you can
use:

CONTEXT= [
  FILES = "/var/lib/one/one.db /etc/passwd"
]

and now you have access to the whole one.db or passwd file of the frontend.

However, this may be safe depending on your setup, e.g. you only let users
access through EC2 or OCCI...

If you can live with that, simply drop the

VM_RESTRICTED_ATTR = "CONTEXT/FILES"

in oned.conf.

Cheers

Ruben

On Fri, Oct 26, 2012 at 2:53 PM, Steffen Claus <
[email protected]> wrote:

> Hi,
> I have a general question regarding the handling of VM templates with
> CONTEXT parameters.
> I know that the owner has to be either "oneadmin" or a member of the
> "oneadmin" group.
> Since ONE 3.4 it is possible to grant USE-rights on such templates for
> normal users.
> So far, so good.
>
> But now I would also like to change the owner of the template to a normal
> user. Why is this not possible? What are the main concerns that led to the
> decision to only allow "oneadmin" to define CONTEXT parameters,
> respectively, possess templates with such parameters? Are there any best
> practices on how to handle this problem?
>
> BR,
> Steffen Claus
>
>
>
> --
> Steffen Claus
>
> Fraunhofer-Institut für Algorithmen und Wissenschaftliches Rechnen (SCAI)
> Schloss Birlinghoven
> D-53754 Sankt Augustin
> Tel: +49 2241 14-2511
> [email protected]
> http://www.scai.fraunhofer.de
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | [email protected] | @OpenNebula
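As an added, defender-side example (not code from the thread or from OpenNebula), the script below parses a VM template's CONTEXT/FILES list and flags every entry that resolves outside a hypothetical allowed directory, and reads an oned.conf excerpt to confirm the VM_RESTRICTED_ATTR line Ruben mentions is still active. The template, the allowed directory and both oned.conf excerpts are constructed for the example.

```python
import posixpath
import re
from typing import List

# Constructed template, shaped like the CONTEXT/FILES block in the thread,
# mixing frontend files, a traversal attempt and one legitimate relative file.
TEMPLATE = '''
NAME = "ctx-test"
CONTEXT = [
  FILES = "/var/lib/one/one.db /etc/passwd ../../etc/shadow files/init.sh",
  HOSTNAME = "vm1"
]
'''

# Hypothetical site policy: only files under this directory may be attached.
ALLOWED_ROOT = "/var/lib/one/files"

# Constructed oned.conf excerpts: one keeps the restriction, one comments it out.
ONED_CONF_RESTRICTED = 'VM_RESTRICTED_ATTR = "CONTEXT/FILES"\nVM_RESTRICTED_ATTR = "NIC/MAC"\n'
ONED_CONF_RELAXED = '#VM_RESTRICTED_ATTR = "CONTEXT/FILES"\nVM_RESTRICTED_ATTR = "NIC/MAC"\n'


def context_files(template: str) -> List[str]:
    """Return the whitespace-separated FILES entries of the CONTEXT section."""
    ctx = re.search(r'CONTEXT\s*=\s*\[(.*?)\]', template, re.S)
    if not ctx:
        return []
    files = re.search(r'FILES\s*=\s*"([^"]*)"', ctx.group(1))
    return files.group(1).split() if files else []


def offending_files(template: str, root: str = ALLOWED_ROOT) -> List[str]:
    """FILES entries that resolve outside root; relative paths resolve against root."""
    bad = []
    for f in context_files(template):
        # posixpath.join discards root when f is absolute, so "/etc/passwd" stays as is;
        # normpath collapses ".." so traversal out of root is caught too.
        full = posixpath.normpath(posixpath.join(root, f))
        if not full.startswith(root.rstrip("/") + "/"):
            bad.append(f)
    return bad


def restricted_attrs(oned_conf: str) -> List[str]:
    """Active (uncommented) VM_RESTRICTED_ATTR values from an oned.conf text."""
    found = []
    for line in oned_conf.splitlines():
        m = re.match(r'\s*VM_RESTRICTED_ATTR\s*=\s*"([^"]+)"', line)
        if m:
            found.append(m.group(1))
    return found
```

If "CONTEXT/FILES" is absent from restricted_attrs() output, any template owner can attach frontend files, so offending_files() is the check to run on every template before it is instantiated.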