Umview/kmview as login shells: give each user his/her own view
(feature added May 22 2009 in the svn version)
umview and kmview can be used as login shells. The following chunk of a /etc/passwd file defines two users using kmview and umview respectively:
testkm:x:1003:1003:test KM,,,:/home/testvm:/usr/local/bin/kmview testum:x:1004:1004:test UM,,,:/home/testum:/usr/local/bin/umview
This feature needs also a new configuration file named /etc/viewospasswd. This latter file has two fields per line separated by colons (:) as usual for many configuration files. The first field is the username, the second is the command kmview/umview must run.
testkm:/bin/bash --norc --noprofile /home/testkm/.startviewos testum:/bin/bash --norc --noprofile /home/testum/.startviewos
In this example the startup scripts are in the users' home dir. This gives users the flexibility to redefine their view. If the feature is used to create security contraints the commands or the scripts should be stored elsewhere and protected from user changes.
The following example of startup script (.startviewos in the example above) gives the user his/her own ip address on vde:
#!/bin/bash --norc /usr/local/bin/um_add_service umnet /bin/mount -t umnetlwipv6 none /dev/net/lwip /usr/local/bin/mstack /dev/net/lwip /bin/ip link set vd0 up /usr/local/bin/mstack /dev/net/lwip /bin/ip addr add 192.168.10.1/24 dev vd0 exec /usr/local/bin/mstack /dev/net/lwip /bin/bash -l
(use the permanent option for mount to deny unmount of the stack, if required).
It is also possible for a user to define an encrypted home directory, using encfs. The startup script follows:
#!/bin/bash --norc /usr/local/bin/um_add_service umfuse /usr/local/bin/um_add_service viewfs0 /bin/mount -t viewfs /home/testkm/crypt /tmp/testcrypt /bin/mount -t umfuseencfs -o pre="" /tmp/testcrypt /home/testkm exec -l /bin/bash
There are many other applications. All the virtualizations provided by umview/kmview can be defined and configured in the stadnard environment for a user.