User administration for instances
Pfaffhausen, 05 July 2012: A few weeks ago, we presented the ArchivistaBox 2012/VII. Today, we present the ArchivistaVM 2012/VII This is actually quite simple: ArchivistaVM is available in all ArchivistaBoxes. Consequently, all users can benefit from user administration in ArchivistaVM 2012/VI Below, you will find a comprehensive introduction to user administration. For it to be available, the date on the CD must be 5 July 2012 or later.
Creating users
Under Configuration, there is now a new menu item called “Users.” Clicking on it results in a form with a list of all users being generated.”root” is the default user created by the system. This user cannot be changed or deleted, and the root user has full rights in ArchivistaVM (as was also previously the case).
A new user is added with the “Create” command. To do this, click on the red arrow to the left of “root” (or any other user) and select the menu option “Create.”
The new user can now be added. A name must be selected for the user. Then the level is defined, i.e. user privileges are allocated. In addition, the IDs of the installed VM guests can be specified in “Virtual machines” (this is only necessary and worthwhile for “single” and “guest” users) and the two last fields are used to define the password.
User levels
An example of an overview of created users is shown below. For the sake of simplification, we have created one user at each level.
The “Admin” level users have access to all functions in ArchivistaVM.
The “User” level gives access to all machines, but not to the advanced administration features of ArchivistaVM.
The “Single” level limits the rights to individual guests. However, the “Single” user is given complete access within these limits, e.g. to start, edit and even delete a machine. At the “Single” level, the desired machines must be entered in “Virtual machines” using the ID number of the machine. Multiple instances must be separated by commas (e.g. “100,102,105”).
The “Guest” level means that access is limited to certain machines. However, a guest may not change any options on the machines, but can simply access the machine through a VNC console and work with it. In order to access a machine, it must have been first started by someone with higher user privileges.
Please note: as the “Admin” and “User” level users have access to the machines at all times, it only makes sense to enter IDs in “Virtual machines” in the case of “single” and “guest” level users.
Login with the user level
Once a user has been created, the user’s name can be used to login instead of “root.” It can be seen that the menus for the configuration of the server are missing at the “user” level. Otherwise, all features are available.
Please note: it is important to understand that users always have access to all machines.
Restriction to individual machines with single level privileges
The user “single” (naturally, a different name can also be used) has been assigned to machine 101, which is completely at his/her disposal.
Please note: while the user does not see the remaining machines, these could be activated by adding the corresponding ID (the menu item “Edit” in the “Users” form); multiple machines must be separated by commas (e.g. “101,102”).
Starting the VNC console or the monitor as a guest
Guests do not have administrator privileges for the machines themselves; they can only start the VNC console and the monitor.
Please note: the buttons for managing instances are not available at the “Single” user level. Only the VNC console can be opened, and this only when the machine has been started.
This completes our introduction to user administration. For those interested in technical matters, it can be mentioned that the user administration is carried out through the file “/etc/pve/users.cfg”; this file must not be edited or deleted, because otherwise the user administration will no longer work correctly, or indeed at all.