Choice of a Container to connect in during the boot [message #35676] |
Mon, 13 April 2009 23:48 |
Balbuzard
Messages: 26 Registered: March 2009 Location: Australia
|
Junior Member |
|
|
Hi!
I use OpenVZ during a while, now, and I just want to know if it is possible to connect to a Container during the boot and forbid to log in another container with OpenVZ tools.
For example, The user switch the computer on, he has the choice of the different containers, he connects to his own. If he wants to switch, he has to know the password of the other one. Exactly the same for a session, but with root rights on it.
Don't hesitate to ask me any question if it is not perfectly clear!
Thanks for your answers!
|
|
|
|
Re: Choice of a Container to connect in during the boot [message #35702 is a reply to message #35688] |
Wed, 15 April 2009 23:24 |
Balbuzard
Messages: 26 Registered: March 2009 Location: Australia
|
Junior Member |
|
|
Ok, thanks a lot for your answer, I will try to make myself more clear,
On the OpenVZ kernel, I have created some containers. When the computer boots, I am not in any container, but I can enter in anyone of them by entering the command vztcl enter 3 for example.
So, if there are a lot of users in this computer, each of them can access to any container.
I just would like to know if there is a way to avoid it, to force to enter a password to access the container. Each user would have his own container.
Then, when the computer boots, is there a way to ask to the user in which container he wants to log on (which may include the physical machine itself)?
I hope it is better explained now, but anyway don't hesitate to tell me if it is not the case
Thanks for you help!
|
|
|
Re: Choice of a Container to connect in during the boot [message #35708 is a reply to message #35702] |
Thu, 16 April 2009 11:52 |
maratrus
Messages: 1495 Registered: August 2007 Location: Moscow
|
Senior Member |
|
|
Hi,
Quote: |
So, if there are a lot of users in this computer, each of them can access to any container.
|
A nonprivileged user cannot enter container only with help of sudo command.
Quote: |
I just would like to know if there is a way to avoid it, to force to enter a password to access the container. Each user would have his own container.
|
There are no standard OpenVZ tools to achieve this goal (frankly speaking, I don't know why do you need such behavior). But I guess, it worth trying to resolve the issue using pure Linux resources.
For example, you can change /etc/passwd (use vipw command) so that the initial command, that are invoked when a user enters the system, would be not a standard /bin/bash but /home/username/enter. /home/username/enter is a bash script which may be a simple "/bin/bash -c "sudo /usr/sbin/vzctl enter $VEID"" command or can carry out more complicated logic.
|
|
|