Assign to container specific user

lbg74 · November 23, 2019, 7:25am

Dear Everybody.

In the case of a container created by a specific user, I want to know how only the created user can take control such as stopping or restarting the container.

For example, if the user coco creates a container named c0, the user web does not want to give permission to the c0 container to stop or restart it.

Thank you very much.

simos · November 24, 2019, 9:27pm

Hi!

You would need to use Role Based Access Control (RBAC) for this, and currently it is available only with the Canonical RBAC Service, https://lxd.readthedocs.io/en/latest/security/#role-based-access-control-rbac

Still, the role can be applied per LXD project and there is no (yet?) per-container granularity.