You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 lines
1.1 KiB
Perl
36 lines
1.1 KiB
Perl
#!/usr/bin/perl
|
|
#
|
|
# virssh - allow users to control their libvirt VM through SSH.
|
|
#
|
|
# For usage please see README.md.
|
|
#
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
my $logtag = $0;
|
|
my $vm = $ARGV[0];
|
|
my $HOSTNAME = `hostname -f` || "vmserver"; chomp($HOSTNAME);
|
|
my $USER = $ENV{"USER"} || "vmadmin";
|
|
my $SSH_ORIGINAL_COMMAND = $ENV{"SSH_ORIGINAL_COMMAND"} || "";
|
|
|
|
if ($SSH_ORIGINAL_COMMAND =~ /^sudo virsh (list|console $vm|destroy $vm|shutdown $vm|start $vm( --console)?)$/s) {
|
|
system("logger", "-t", "$logtag", "Allowing command \"$SSH_ORIGINAL_COMMAND\"");
|
|
exec $SSH_ORIGINAL_COMMAND
|
|
} else {
|
|
system("logger", "-t", "$logtag", "ALERT: NOT allowing command \"$SSH_ORIGINAL_COMMAND\"");
|
|
print STDERR "ALERT: NOT allowing command \"$SSH_ORIGINAL_COMMAND\"\n";
|
|
print STDERR <<EOF;
|
|
Allowed commands for you are:
|
|
|
|
ssh -t $USER\@$HOSTNAME sudo virsh list
|
|
ssh -t $USER\@$HOSTNAME sudo virsh console $vm
|
|
ssh -t $USER\@$HOSTNAME sudo virsh destroy $vm
|
|
ssh -t $USER\@$HOSTNAME sudo virsh shutdown $vm
|
|
ssh -t $USER\@$HOSTNAME sudo virsh start $vm
|
|
ssh -t $USER\@$HOSTNAME sudo virsh start $vm --console
|
|
|
|
EOF
|
|
exit(2);
|
|
}
|