author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2017-06-29 09:14:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2017-06-29 09:20:38 +0000 |
commit | 13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a (patch) | |
tree | 1cdf704c14e208bc35e4ea25569ff14086ae4ed7 /share/man | |
parent | Adding upstream version 20170522. (diff) | |
download | open-infrastructure-compute-tools-13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a.tar.xz open-infrastructure-compute-tools-13f1aa11bd770faf8e66a72a7ac34fc1f7e2305a.zip |
Adding upstream version 20170629.upstream/20170629
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/container-shell.1.txt | 33 |
-rw-r--r-- | share/man/container-top.1.txt | 75 |
-rw-r--r-- | share/man/container.1.txt | 3 |
3 files changed, 111 insertions, 0 deletions
diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt index 6d792b8..760e0c5 100644 --- a/share/man/container-shell.1.txt +++ b/share/man/container-shell.1.txt 
@@ -53,6 +53,39 @@ All container commands are available, see container(1). Additionally, the follow *logout*, *exit:*:: exits container-shell. +USAGE +----- +Although the container-shell can be started from a running system like any other program, the main intend is to use the +container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without +needing a regular shell login on the container server. + +For usage over SSH a unprivileged user should be created: + + sudo adduser --gecos "container-tools,,," \ + --home /var/lib/container-tools/container-shell \ + --shell /usr/bin/container-shell + +The container-shell can then be allowed for specific SSH keys via /var/ib/container-tools/container-shell/.ssh/authorized_keys like so: + + command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + + +RESTRICTED SHELL +---------------- +The container-shell by default grants any user that has access to it to use all available container commands. + +Through two corresponding environment variables users can be allowed or disallowed to use specific container commands. +In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container +servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do. + +Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used: + + command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + +Example (whitelisting): The other way around works too. 
To disallow all commands except for listing containers and showing the container-tools version, the following variable can be used: + + command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + SEE ALSO -------- diff --git a/share/man/container-top.1.txt b/share/man/container-top.1.txt new file mode 100644 index 0000000..5cc2a0a --- /dev/null +++ b/share/man/container-top.1.txt 
@@ -0,0 +1,75 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net> +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +CONTAINER-TOP(1) +================ +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-top - Dynamic list container on the system + + +SYNOPSIS +-------- +*container top* ['OPTIONS'] + + +DESCRIPTION +----------- +The container top command dynamically lists container on the system. + + +OPTIONS +------- +The following container options are available, defaults to *--delay 1*: + +*-d, --delay='SECONDS[.TENTHS]'*:: + Specifies the delay between screen updates, defaults to 1. + + +EXAMPLES +-------- +*Dynamically list containers of the local system:*:: + sudo container top + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +CONTACT +------- +Bug reports, feature requests, help, patches, support and everything else +are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. 
+ +Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>. diff --git a/share/man/container.1.txt b/share/man/container.1.txt index fa94d7f..6bd2a12 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -83,6 +83,9 @@ The following container commands are available: *status*:: Show container status, see container-status(1). +*top*:: + Dynamic list of container on the system, see container-top(1). + *version*:: Show container-tools version, see container-version(1). |
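Review bot: In the USAGE section added to container-shell.1.txt, the authorized_keys path is written as /var/ib/container-tools/container-shell/.ssh/authorized_keys, which does not match the --home /var/lib/container-tools/container-shell passed to adduser a few lines earlier; it should read /var/lib/. The adduser example also ends at --shell /usr/bin/container-shell with no login name, so it cannot be run as shown. In RESTRICTED SHELL, the text says every command is allowed by default, so it would help to state that CONTAINER_COMMANDS_ENABLE is the safer choice for keys that are not fully trusted, and to say which variable wins when both are set. Wording: "main intend" should be "main intent", "a unprivileged" should be "an unprivileged", and "have possibility" should be "have the possibility".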
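Review bot: The DESCRIPTION in the new container-top.1.txt is a single sentence and does not say what is shown per container or how to leave the display; one or two sentences on both would make the page usable on its own. The default is also stated twice in OPTIONS ("defaults to *--delay 1*" in the introduction and "defaults to 1" under -d, --delay), so one of them can go. The EXAMPLES entry uses sudo without the text saying that root is required, and NAME and DESCRIPTION say "list container" where "containers" is meant.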
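Review bot: The *top* entry added to container.1.txt introduces a new command, and the container-shell page touched in this same commit states that all container commands are available there, so keys restricted only through CONTAINER_COMMANDS_DISABLE would appear to gain top without any change to authorized_keys. A sentence about this in the RESTRICTED SHELL text, or a note that new commands should be reviewed against existing blacklists, would cover it. "Dynamic list of container" should read "containers".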