Creating a restricted shell user?

RJF_Lifetime

New Member
Dec 12, 2019
2
0
1
26
Hello,
I'm trying to implement some secure automation by creating a PAM user that can only run qm commands. Currently, the user can only run commands in their home directory, but softlinking qm into that directory gives the following error.
Code:
ipcc_send_rec[1] failed: No such file or directory
ipcc_send_rec[2] failed: No such file or directory
ipcc_send_rec[3] failed: No such file or directory
please run as root
Is there a way to run qm without having root privileges?
Many thanks.
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
3,703
569
133
no, the CLI tools are all root-only (they use the perl code directly, and much of that code needs to be privileged to access storage, create network devices, etc.pp.).
 

RJF_Lifetime

New Member
Dec 12, 2019
2
0
1
26
no, the CLI tools are all root-only (they use the perl code directly, and much of that code needs to be privileged to access storage, create network devices, etc.pp.).
Perfect, thank you for a prompt and clear answer. We found that we can achieve what we want by giving the account sudo access to only the commands we want, in this case qm.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!