Re: selective virsh host permissions

On Mon, Oct 19, 2015 at 01:10:15PM -0400, Jamie Fargen wrote:
> As a Systems Administrator, I would like to grant permissions to a certain
> VM using unix groups. In this example there is a hypervisor with VMs
> A,B,C,D and there is a group called fortadmins. The solution I am searching
> for would just allow fortadmins to use libvirt/virsh commands on VM D.
> 
> Does libvirt/virsh provide any way to easily accomplish this goal?

You can accomplish this using polkit

   http://libvirt.org/acl.html
   http://libvirt.org/aclpolkit.html

Please note, however, that you should not grant the ability to define XML
or otherwise make changes to the guest XML, as this privilege is effectively
equivalent to having root.

Giving users the ability to start/stop VMs is just fine. You can even
prevent users from seeing each other's VMs by restricting the 'getattr'
and 'read' privileges.

In current libvirt GIT there is an example file 'examples/polkit/libvirt-acl.rules'

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
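A sketch of a polkit rule for the setup discussed in this thread, added here as an illustration; it is not part of the original message and is not the example file shipped with libvirt. It assumes the group name `fortadmins` and guest name `D` from the question, the QEMU driver, and that libvirtd has the polkit access driver enabled; the function name and the fallback result strings are constructed so the logic can also be exercised outside polkitd.

```javascript
// Would live in a file under /etc/polkit-1/rules.d/ (file name is your choice).
// Outside polkitd there is no global "polkit" object, so constructed
// stand-in result values are used instead.
var RESULT = (typeof polkit !== "undefined")
    ? polkit.Result
    : { YES: "yes", NO: "no", NOT_HANDLED: "not-handled" };

var DOMAIN_PREFIX = "org.libvirt.api.domain.";

// Permissions granted on guest D. "write" and "save" are deliberately
// absent: they cover changing the guest configuration, which the reply
// above warns is effectively equivalent to root.
var ALLOWED = ["getattr", "read", "start", "stop"];

// Hypothetical rule function: decides libvirt domain actions for fortadmins.
function fortadminsRule(action, subject) {
    // Leave everyone outside the group to the other rules and defaults.
    if (!subject.isInGroup("fortadmins")) return RESULT.NOT_HANDLED;
    // Leave non-domain actions (connections, networks, ...) alone as well.
    if (action.id.indexOf(DOMAIN_PREFIX) !== 0) return RESULT.NOT_HANDLED;

    var perm = action.id.substring(DOMAIN_PREFIX.length);
    var onD = action.lookup("connect_driver") === "QEMU" &&
              action.lookup("domain_name") === "D";

    if (onD && ALLOWED.indexOf(perm) !== -1) return RESULT.YES;
    // Everything else is refused: no getattr/read on A, B, C (they stay
    // hidden) and no configuration changes on D.
    return RESULT.NO;
}

if (typeof polkit !== "undefined") {
    polkit.addRule(fortadminsRule);
}
```

Because the rule returns an explicit denial for every other domain action, a user who is in `fortadmins` and also holds broader rights elsewhere would be restricted by it too, depending on rule ordering.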


