We’re running LXD on Ubuntu 18.04. I was a little concerned to notice that, by default, any user can execute any LXD command. In particular, any user can delete a container.
It also seems to be the case that any remote LXD user, once they are in the trust list, can execute any command.
Is there a way to restrict access to LXD operations? Or is it all-or-nothing?
The security section of the documentation only mentions limiting access to /var/lib/lxd/unix.socket
Thanks!