Re: executing libvirt commands as a different user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2016-01-21 14:41, Andrei Perietanu wrote:
> 
> I am using the libvirt API to manage VMs on the system, using a python
> wrapper to execute commands. 
> I need to allow a webserver to access these commands and mostly read
> information about the VMs. The problem is that when using the web
> interface you use are basically running the commands as different user.
> Since libvirtd is run as root by default you get permission errors.
> 
> Is there any way of getting around this without using polkit?

• You can use libvirt over TCP, using SASL/TLS/both auth
• You can configure a user group allowed to use the unix socket and add
the web server's user to it

cf. libvirtd.conf

> 
> Thanks,
> Andrei
> 
> 
> 
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of or
> taking of any action in reliance upon this information by persons or
> entities other than the intended recipient is prohibited. If you receive
> this in error please contact the sender and delete the material from any
> computer immediately. It is the policy of Klas  Limited to disavow the
> sending of offensive material and should you consider that the material
> contained in the message is offensive you should contact the sender
> immediately and also your I.T. Manager.
> 
> Klas Telecom Inc., a Virginia Corporation with offices at 1101 30th St.
> NW, Washington, DC 20007.
> 
> Klas Limited (Company Number 163303) trading as Klas Telecom, an Irish
> Limited Liability Company, with its registered office at Fourth Floor,
> One Kilmainham Square, Inchicore Road, Kilmainham, Dublin 8, Ireland.
> 
> 
> 
> _______________________________________________
> libvirt-users mailing list
> libvirt-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvirt-users
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas@xxxxxx | +43 (0)680 301 7167
http://software.tao.at

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux