Backlog #4807

sudo in sunstone

Added by John Noss about 4 years ago. Updated almost 4 years ago.

Status:PendingStart date:09/20/2016
Priority:SponsoredDue date:
Assignee:-% Done:

0%

Category:Core & System
Target version:-

Description

It would be nice if it were possible to change user in sunstone - ie., to provide a superuser password (such as a user in oneadmin) and then be able to switch user to a different user.

This would be useful when performing actions on behalf of a user, such as launching a vm. (This would also be useful for troubleshooting what another user sees when they sign in.)

This would also be useful for limiting privileges during normal use - ie., when just launching a test vm, do that as a non-privileged user but then have the ability to provide credentials again and sudo to a privileged account in oneadmin group for administering other vms.

History

#1 Updated by Ruben S. Montero about 4 years ago

  • Tracker changed from Feature to Request

#2 Updated by Ruben S. Montero about 4 years ago

  • Tracker changed from Request to Backlog
  • Target version set to Release 5.4

I'm thinking that probably the new group-bound tokens may be used to implement this. The 5.2 tokens works for a group (equivalent to egid for unix process). Maybe we could extend the token to include a eid, so if you have (admin rights on the user) you can produce a token with his identity. Any operation using this token will be as it was performed by the user.

#3 Updated by Ruben S. Montero about 4 years ago

  • Category set to Core & System
  • Priority changed from Normal to High
  • Target version deleted (Release 5.4)

#4 Updated by OpenNebula Systems Support Team almost 4 years ago

  • Priority changed from High to Sponsored

Also available in: Atom PDF