[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] Group for accessing one/all VM graphics and not virsh



Hello libvirt people,

is there a (preferably simple) way in Linux to allow a certain set of users to be able to do:

virt-viewer --connect qemu+ssh://username virthost/system vmname

for connecting to virt-viewer BUT without letting them do all the other things that can be done with virsh?

I know that if I add them to the libvirtd and kvm groups, they will be able to connect with virt-viewer to any virtual machine AND ALSO do any virsh command on any virtual machine. This is too much permission.

I can accept the first part (a way to allow a group of user to connect with virt-viewer to all the virtual machines of the host) since more restriction can be enforced by using VNC passwords... But if they are also able to do anything in virsh that's too much.

I am using only qemu and kvm in libvirt.

Thank you
R.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]