C H A P T E R 4
Managing Virtual Machines and the VMware GSX Server Host
119
If you want to limit access to the virtual machine, clear the
Allow inheritable
permissions from parent to propagate to this object
check box.
4. To specify that a user or group that should not have access to the configuration
file, either click
Remove
or check all permissions in the
Deny
column to deny all
permissions to that user or group.
5. To add more users or groups, click
Add
. The Select Users, Computers and Groups
dialog box appears. In the dialog box, select the groups or users that you want to
access the virtual machine, then click
Add
. After you finish adding the users or
groups, click
OK
. The users and groups are added with default
Read
and
Write
permissions. In the Properties dialog box, change the type of access for the user
or group to the configuration file; choose either
Read
or
Read & Execute
and
Write
. Click
OK
to set the permissions to the configuration file.
Authenticating Users and Running Virtual Machines on a GSX
Server for Linux Host
GSX Server for Linux uses Pluggable Authentication Modules (PAM) for user
authentication in the VMware Virtual Machine Console and the VMware Management
Interface. The default installation of GSX Server uses standard Linux
/etc/passwd
authentication, but can be configured to use LDAP, NIS, Kerberos or another
distributed authentication mechanism.
Every time you connect to the GSX Server host with the VMware Virtual Machine
Console or VMware Management Interface, the
inetd
or
xinetd
process runs an
instance of the VMware authentication daemon (
vmware-authd
). The
vmware-
authd
process requests a username and password, then hands them off to PAM,
which performs the authentication.
Once you are authenticated, the console starts or the management interface’s Status
Monitor page appears. What you can now do with the virtual machines is based on
your permissions. See
Understanding Permissions and Virtual Machines on page 114
.
The
vmware-authd
process starts a virtual machine process as the owner of the
configuration file, not as the user connecting to the virtual machine. However, the
user is still restricted by his or her permissions on the configuration file.
Note:
Even if you have full permissions on a configuration file, but you do not have
execute permission to the directory in which the configuration file resides or any of its
parent directories, then you cannot connect to the virtual machine with a VMware
Virtual Machine Console or a VMware Scripting API. Furthermore, you cannot see the
virtual machine in the VMware Management Interface or in the VMware Virtual
Machine Console. Nor can you delete any files in the virtual machine’s directory.
Содержание GSX Server 3 Administration
Страница 1: ...Administration Guide TM...
Страница 8: ...www vmware com 8...
Страница 42: ...www vmware com 42 VMware GSX Server Administration Guide...
Страница 86: ...www vmware com 86 VMware GSX Server Administration Guide...
Страница 184: ...www vmware com 184 VMware GSX Server Administration Guide...
Страница 226: ...www vmware com 226 VMware GSX Server Administration Guide...
Страница 240: ...www vmware com 240...