Hi Zeeshan, Danny, Sunstone in its current version (coming really soon ;) ) is not a public cloud interface, but rather a private cloud interface. In the future, we plan to add role support, so you can have different views depending on the user.
Internal users (private cloud users) can see the global state of the problem, the same way that in a linux OS one user can see other processes with 'ps', or users pf a PBS cluster can see other jobs with a 'qstat'. Although they of course cannot modify each others resources. On the other hand, OCCI and EC2 (public interfaces) _do_ limit the views of the resources. Hope it helps, -Tino -- Constantino Vázquez Blanco | dsa-research.org/tinova Virtualization Technology Engineer / Researcher OpenNebula Toolkit | opennebula.org On Fri, Feb 25, 2011 at 3:01 PM, Danny Sternkopf <danny.sternk...@csc.fi> wrote: > Yep, it is definately a major security risk. > The sunstone WebGUI has a user limited view in contrast. > > > On 2011-02-25 15:58, Zeeshan Ali Shah wrote: >> >> wow, i think user can see each other VM , definately they cannot delete >> them , but they can even look into other vms with onevm show.. >> >> is it normal ? also user can see onehost list and onevnet show. >> >> which is bit issue as user can poke into infrastructure. >> >> with User i mean , normal user you create with oneuser create command >> >> do these concern a security risk ? >> > > -- > Danny Sternkopf, Systems Specialist, Computing Environments > P.O.Box 405, 02101 Espoo, Finland > tel +358 9 457 2003, fax +358 9 457 2302 > Mobile +358 50 381 8569, e-mail danny.sternk...@csc.fi > CSC - IT center for science, http://www.csc.fi > _______________________________________________ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > _______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
