Question of ipmi command "Set User Access" in phosphor-host-ipmid
Joseph Reynolds
jrey at linux.ibm.com
Tue Jun 2 04:56:49 AEST 2020
On 5/25/20 11:28 AM, Thomaiyar, Richard Marian wrote:
> Hi Tony,
>
> Only IPMI offers channel based user level privilege as of now, Redfish
> uses single privilege across all channels. OpenBMC user management is
> designed to have single user level privilege. IPMI is designed to bind
> one of the channel privilege user to the user management, and rest
> maintain in it's own database. LAN 1 is used for that sync.
>
> Note: Discussion started in Redfish forum to have a channel based
> restriction, but it's not yet materialized and requires more takers.
here:
https://redfishforum.com/thread/279/channel-privilege-support-direction-redfish
>
> Regards,
>
> Richard
>
> On 5/25/2020 12:58 PM, Tony Lee (李文富) wrote:
>> In the process of creating an user,
>> I used the ipmi command "ipmitool priv <user id> <privilege level>
>> [<channel number>]".
>> The "UserPrivilege" of the user I created in dbus is empty. Because
>> my LAN channel number is not 1.
>>
>> https://github.com/openbmc/phosphor-host-ipmid/blob/master/user_channel/user_mgmt.cpp#L878
>>
>>
>> Why did it need to check the request channel number before setting
>> the dbus?
>> I can't find the related restriction of it in "Set User Access
>> Command" in IPMI SPEC.
>>
>> Thanks
>> Best Regards,
>> Tony
More information about the openbmc
mailing list