path: root/share/man/container-shell.1.txt
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2021-07-25 06:01:23 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2021-07-25 06:01:23 +0000
commit: 7fe748eb374e1529c5e65143da4940d56af14696 (patch)
tree: 3b2b6a32daf4049f02b7c959b6fe0054560995be /share/man/container-shell.1.txt
parent: Releasing debian version 20210724-1. (diff)
Merging upstream version 20210725.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'share/man/container-shell.1.txt')
-rw-r--r-- share/man/container-shell.1.txt | 112
1 files changed, 0 insertions, 112 deletions
diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt
deleted file mode 100644
index ce5c13c..0000000
--- a/share/man/container-shell.1.txt
+++ /dev/null
@@ -1,112 +0,0 @@
-// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net>
-//
-// SPDX-License-Identifier: GPL-3.0+
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-CONTAINER(1)
-============
-:doctype: manpage
-:man manual: Open Infrastructure
-:man source: compute-tools
-:man version: {revnumber}
-
-
-NAME
-----
-container-shell - Manage systemd-nspawn containers (shell)
-
-
-SYNOPSIS
---------
-*container-shell*
-
-
-DESCRIPTION
------------
-compute-tools provides the system integration for managing containers using systemd-nspawn.
-
-
-COMMANDS
---------
-All container commands are available, see container(1). Additionally, the following commands are specific to container-shell:
-
-*about:*::
- shows introduction (manpage).
-
-*help:*::
- shows available commands within the container-shell.
-
-*help COMMAND:*::
- shows help (manpage) for a specific container command.
-
-*logout*, *exit:*::
- exits container-shell.
-
-USAGE
------
-Although the container-shell can be started from a running system like any other program, the main intend is to use the
-container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without
-needing a regular shell login on the container server.
-
-For usage over SSH a unprivileged user should be created:
-
- sudo adduser --gecos "compute-tools,,," \
- --home /var/lib/open-infrastructure/container-shell \
- --shell /usr/bin/container-shell
-
-The container-shell can then be allowed for specific SSH keys via /var/lib/open-infrastructure/container-shell/.ssh/authorized_keys like so:
-
- command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 [...]
-
-
-RESTRICTED SHELL
-----------------
-The container-shell by default grants any user that has access to it to use all available container commands.
-
-Through two corresponding environment variables users can be allowed or disallowed to use specific container commands.
-In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container
-servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do.
-
-Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used:
-
- command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
-
-Example (whitelisting): The other way around works too. To disallow all commands except for listing containers and showing the compute-tools version, the following variable can be used:
-
- command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
-
-
-SEE ALSO
---------
-machinectl(1),
-systemd-nspawn(1).
-
-
-HOMEPAGE
---------
-More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
-
-
-CONTACT
--------
-Bug reports, feature requests, help, patches, support and everything else
-are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
-
-Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
-
-
-AUTHORS
--------
-compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others.
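Review bot: The USAGE and RESTRICTED SHELL sections removed here are the only place in this view that documents the forced-command setup (`command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty`) and the CONTAINER_COMMANDS_ENABLE / CONTAINER_COMMANDS_DISABLE variables, and with 0 insertions and a diffstat limited to this one file nothing shows where that guidance went. Please confirm the merged upstream version ships an equivalent page, or state in the commit message where it moved, since operators depend on it to restrict what an SSH key may do. If the text is carried over, three things are worth fixing on the way: the `sudo adduser` example gives no login name, the title reads CONTAINER(1) although NAME is container-shell, and the whitelisting example should be presented as the preferred form, because `CONTAINER_COMMANDS_DISABLE='remove stop'` permits every command not named in it.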