diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2017-07-28 11:59:25 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2017-07-28 11:59:25 +0000 |
commit | db9a03004fdbab62430f83eebaf2ca52a0643b3b (patch) | |
tree | 757c5a3e162d10848ba6018d8c85a7e646e10376 /share/man/container-shell.1 | |
parent | Adding upstream version 20170722. (diff) | |
download | open-infrastructure-compute-tools-db9a03004fdbab62430f83eebaf2ca52a0643b3b.tar.xz open-infrastructure-compute-tools-db9a03004fdbab62430f83eebaf2ca52a0643b3b.zip |
Adding upstream version 20170726.upstream/20170726
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'share/man/container-shell.1')
-rw-r--r-- | share/man/container-shell.1 | 132 |
1 files changed, 0 insertions, 132 deletions
diff --git a/share/man/container-shell.1 b/share/man/container-shell.1 deleted file mode 100644 index 278ea0b..0000000 --- a/share/man/container-shell.1 +++ /dev/null @@ -1,132 +0,0 @@ -'\" t -.\" Title: container -.\" Author: [see the "AUTHORS" section] -.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 20170701 -.\" Manual: Open Infrastructure -.\" Source: container-tools -.\" Language: English -.\" -.TH "CONTAINER" "1" "20170701" "container\-tools" "Open Infrastructure" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -container-shell \- Manage systemd\-nspawn containers (shell) -.SH "SYNOPSIS" -.sp -\fBcontainer\-shell\fR -.SH "DESCRIPTION" -.sp -container\-tools provides the system integration for managing containers using systemd\-nspawn\&. -.SH "COMMANDS" -.sp -All container commands are available, see container(1)\&. Additionally, the following commands are specific to container\-shell: -.PP -\fBabout:\fR -.RS 4 -shows introduction (manpage)\&. -.RE -.PP -\fBhelp:\fR -.RS 4 -shows available commands within the container\-shell\&. -.RE -.PP -\fBhelp COMMAND:\fR -.RS 4 -shows help (manpage) for a specific container command\&. -.RE -.PP -\fBlogout\fR, \fBexit:\fR -.RS 4 -exits container\-shell\&. -.RE -.SH "USAGE" -.sp -Although the container\-shell can be started from a running system like any other program, the main intend is to use the container\-shell via SSH\&. That way otherwise unprivileged users have possibility to manage containers without needing a regular shell login on the container server\&. -.sp -For usage over SSH a unprivileged user should be created: -.sp -.if n \{\ -.RS 4 -.\} -.nf -sudo adduser \-\-gecos "container\-tools,,," \e - \-\-home /var/lib/container\-tools/container\-shell \e - \-\-shell /usr/bin/container\-shell -.fi -.if n \{\ -.RE -.\} -.sp -The container\-shell can then be allowed for specific SSH keys via /var/ib/container\-tools/container\-shell/\&.ssh/authorized_keys like so: -.sp -.if n \{\ -.RS 4 -.\} -.nf -command="/usr/bin/container\-shell",no\-port\-forwarding,no\-X11\-forwarding,no\-agent\-forwarding,no\-pty ssh\-rsa [\&.\&.\&.] -.fi -.if n \{\ -.RE -.\} -.SH "RESTRICTED SHELL" -.sp -The container\-shell by default grants any user that has access to it to use all available container commands\&. -.sp -Through two corresponding environment variables users can be allowed or disallowed to use specific container commands\&. In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do\&. -.sp -Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used: -.sp -.if n \{\ -.RS 4 -.\} -.nf -command="CONTAINER_COMMANDS_DISABLE=\*(Aqremove stop\*(Aq /usr/bin/container\-shell",no\-port\-forwarding,no\-X11\-forwarding,no\-agent\-forwarding,no\-pty ssh\-rsa [\&.\&.\&.] -.fi -.if n \{\ -.RE -.\} -.sp -Example (whitelisting): The other way around works too\&. To disallow all commands except for listing containers and showing the container\-tools version, the following variable can be used: -.sp -.if n \{\ -.RS 4 -.\} -.nf -command="CONTAINER_COMMANDS_ENABLE=\*(Aqlist version\*(Aq /usr/bin/container\-shell",no\-port\-forwarding,no\-X11\-forwarding,no\-agent\-forwarding,no\-pty ssh\-rsa [\&.\&.\&.] -.fi -.if n \{\ -.RE -.\} -.SH "SEE ALSO" -.sp -machinectl(1), systemd\-nspawn(1)\&. -.SH "HOMEPAGE" -.sp -More information about container\-tools and the Open Infrastructure project can be found on the homepage at https://open\-infrastructure\&.net\&. -.SH "CONTACT" -.sp -Bug reports, feature requests, help, patches, support and everything else are welcome on the Open Infrastructure Software Mailing List <software@lists\&.open\-infrastructure\&.net>\&. -.sp -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs\&.debian\&.org\&. -.SH "AUTHORS" -.sp -container\-tools was written by Daniel Baumann <daniel\&.baumann@open\-infrastructure\&.net>\&. |