Umview/kmview as login shells: give each user his/her own view

From Virtualsquare
Revision as of 19:41, 27 December 2012 by Renzo (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

(feature added May 22 2009 in the svn version)

umview and kmview can be used as login shells. The following chunk of a /etc/passwd file defines two users using kmview and umview respectively:

testkm:x:1003:1003:test KM,,,:/home/testvm:/usr/local/bin/kmview
testum:x:1004:1004:test UM,,,:/home/testum:/usr/local/bin/umview

This feature needs also a new configuration file named /etc/viewospasswd. This latter file has two fields per line separated by colons (:) as usual for many configuration files. The first field is the username, the second is the command kmview/umview must run.

testkm:/bin/bash --norc --noprofile /home/testkm/.startviewos
testum:/bin/bash --norc --noprofile /home/testum/.startviewos

In this example the startup scripts are in the users' home dir. This gives users the flexibility to redefine their view. If the feature is used to create security contraints the commands or the scripts should be stored elsewhere and protected from user changes.

The following example of startup script (.startviewos in the example above) gives the user his/her own ip address on vde:

#!/bin/bash --norc
/usr/local/bin/um_add_service umnet
/bin/mount -t umnetlwipv6 none /dev/net/lwip
/usr/local/bin/mstack /dev/net/lwip /bin/ip link set vd0 up
/usr/local/bin/mstack /dev/net/lwip /bin/ip addr add dev vd0
exec /usr/local/bin/mstack /dev/net/lwip /bin/bash -l

(use the permanent option for mount to deny unmount of the stack, if required).

It is also possible for a user to define an encrypted home directory, using encfs. The startup script follows:

#!/bin/bash --norc
/usr/local/bin/um_add_service umfuse
/usr/local/bin/um_add_service viewfs0
/bin/mount -t viewfs /home/testkm/crypt /tmp/testcrypt
/bin/mount -t umfuseencfs -o pre="" /tmp/testcrypt /home/testkm
exec -l /bin/bash

There are many other applications. All the virtualizations provided by umview/kmview can be defined and configured in the stadnard environment for a user.

Personal tools