Bug #5449
Users can not terminate own VMs
Status: | Pending | Start date: | 10/10/2017 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Core & System | |||
Target version: | - | |||
Resolution: | Pull request: | |||
Affected Versions: | OpenNebula 5.4 |
Description
If user is not a member of oneadmin group, he can not create a VM with admin rights for the owner and can not terminate own VMs, created by himself. The problems seems to be caused of improper working UMASK for non-oneadmin users.
To reproduce the problem:
1) $ oneuser create test test --group users
2) $ oneuser umask test 017
3) $ oneuser show test -x | grep UMASK # note Umask is set correctly <UMASK><![CDATA017]></UMASK>
4) In Sunstone login as user test
5) create new VM instance
6) check VM permissions:
$ onevm show <VM_ID> -x | grep OWNER_
Note <OWNER_A>0</OWNER_A> owner does not have admin permission
7) try to terminate VM in sunstone as user test. Error is returned:
[one.vm.action] User [11] : Not authorized to perform ADMIN VM [291].
Tested on 5.4.1. Not tested on earlier versions.