Bug #5449

Users can not terminate own VMs

Added by Venko Moyankov over 3 years ago.

Status:PendingStart date:10/10/2017
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Core & System
Target version:-
Resolution: Pull request:
Affected Versions:OpenNebula 5.4

Description

If user is not a member of oneadmin group, he can not create a VM with admin rights for the owner and can not terminate own VMs, created by himself. The problems seems to be caused of improper working UMASK for non-oneadmin users.

To reproduce the problem:
1) $ oneuser create test test --group users
2) $ oneuser umask test 017
3) $ oneuser show test -x | grep UMASK # note Umask is set correctly <UMASK><![CDATA017]></UMASK>
4) In Sunstone login as user test
5) create new VM instance
6) check VM permissions:
$ onevm show <VM_ID> -x | grep OWNER_
Note <OWNER_A>0</OWNER_A> owner does not have admin permission
7) try to terminate VM in sunstone as user test. Error is returned:
[one.vm.action] User [11] : Not authorized to perform ADMIN VM [291].

Tested on 5.4.1. Not tested on earlier versions.

Also available in: Atom PDF