From 7fe748eb374e1529c5e65143da4940d56af14696 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 25 Jul 2021 08:01:23 +0200 Subject: Merging upstream version 20210725. Signed-off-by: Daniel Baumann --- share/man/container-shell.1.txt | 112 ---------------------------------------- 1 file changed, 112 deletions(-) delete mode 100644 share/man/container-shell.1.txt (limited to 'share/man/container-shell.1.txt') diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt deleted file mode 100644 index ce5c13c..0000000 --- a/share/man/container-shell.1.txt +++ /dev/null 
@@ -1,112 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see . - -CONTAINER(1) -============ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-shell - Manage systemd-nspawn containers (shell) - - -SYNOPSIS --------- -*container-shell* - - -DESCRIPTION ------------ -compute-tools provides the system integration for managing containers using systemd-nspawn. - - -COMMANDS --------- -All container commands are available, see container(1). Additionally, the following commands are specific to container-shell: - -*about:*:: - shows introduction (manpage). - -*help:*:: - shows available commands within the container-shell. - -*help COMMAND:*:: - shows help (manpage) for a specific container command. - -*logout*, *exit:*:: - exits container-shell. - -USAGE ------ -Although the container-shell can be started from a running system like any other program, the main intend is to use the -container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without -needing a regular shell login on the container server. 
- -For usage over SSH a unprivileged user should be created: - - sudo adduser --gecos "compute-tools,,," \ - --home /var/lib/open-infrastructure/container-shell \ - --shell /usr/bin/container-shell - -The container-shell can then be allowed for specific SSH keys via /var/lib/open-infrastructure/container-shell/.ssh/authorized_keys like so: - - command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 [...] - - -RESTRICTED SHELL ----------------- -The container-shell by default grants any user that has access to it to use all available container commands. - -Through two corresponding environment variables users can be allowed or disallowed to use specific container commands. -In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container -servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do. - -Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used: - - command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] - -Example (whitelisting): The other way around works too. To disallow all commands except for listing containers and showing the compute-tools version, the following variable can be used: - - command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] - - -SEE ALSO --------- -machinectl(1), -systemd-nspawn(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. 
- - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List . - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann and others. -- cgit v1.2.3
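Review bot: The deletion drops the only documentation on this page for the restricted-shell controls (the CONTAINER_COMMANDS_ENABLE / CONTAINER_COMMANDS_DISABLE whitelisting and blacklisting variables and the `command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` authorized_keys pattern) without a replacement file in this diff, and the commit message "Merging upstream version 20210725." does not say where that guidance now lives. Since this view is limited to share/man/container-shell.1.txt, a reviewer cannot tell whether the manpage was moved, merged into container(1), or removed along with the container-shell binary; please state that in the commit message or point at the replacement page. If container-shell is still shipped, the deleted text's security-relevant default ("by default grants any user that has access to it to use all available container commands") and the whitelisting example (`CONTAINER_COMMANDS_ENABLE='list version'`) are the parts administrators most need to keep, so they should survive in whichever page replaces this one.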