VSphere client on Linux
Edward Ned Harvey
blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org
Sat Apr 23 08:42:38 EDT 2011
> From: discuss-bounces-mNDKBlG2WHs at public.gmane.org [mailto:discuss-bounces-mNDKBlG2WHs at public.gmane.org] On Behalf
> Of Jerry Feldman
>
> One of our requirements is that everyone in our office be able to start
> up their VMs. The IT guy in New York told me that he would give me what
> I need,, but at the present time, Toronto is in charge. I've got about
> 10 more VMs that need to be migrated, and I'll let the Toronto people
> move them since I have a couple of development projects.
Ah yes. That can be done via command line or ssh. You don' t need the
vsphere client for that. But I think all commands run as root, so if
somebody has the ability to start their own machine, it implicitly means
they also have the ability to shutdown everyone else's machines. And
snapshot, and clone, and copy. Which means security is nonexistent. (Duh,
you needed to give root to the users.)
So it's probably best for you to write some sort of wrapper script that
obfuscates that ability. Don't tempt users to be bad, in fact, maybe even
prevent them. ;-)
More information about the Discuss
mailing list