Datastore permission error

informant

Hi,

We have created a group "users" and added the users to this group. In the datastore we have added the group "users" for rights and set this group to PVEDatastoreUser. But if a user logs in and goes to the datastore, the user can see the backups of all users.
We have tested removing the group in the datastore and adding users only. The same issue.

How can we fix it, so that users see only their own backup files?

Please help, it's a security issue. Many thanks

regards
 
if you add rights to the datastore, you get them.

I see no security issue here, more a missing feature.
 
Hi tom and dieter,

yes, rights are added to the datastore (see my initial post).

Here the user.cfg:

user:admin@pve:1:0:::::
user:TEST1@pve:1:0:testu1:testmail@gmail.com::
user:root@pam:1:0:::info@test.de::
user:TEST2@pve:1:0:testu2:test2@test.net::
user:TEST3@pve:1:0:testu3:test3@domain.de::

group:Benutzer:TEST1@pve,TEST2@pve,TEST3@pve:Benutzer:
group:Admin:admin@pve:Administrator:

acl:1:/:@Admin:Administrator:
acl:1:/storage/backup-1:@Benutzer:PVEDatastoreUser:
acl:1:/vms/4135:TEST1@pve:PVEVMUser:
acl:1:/vms/4136:TEST2@pve:PVEVMUser:
acl:1:/vms/4138:TEST3@pve:PVEVMUser:


User Test1 can see the files of User Test2 and 3. Test 2 all others ...

regards
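
An audit of the user.cfg posted above, as an added example that is not part of the original thread and not Proxmox code: it expands the groups named in each acl line and reports /storage/ paths where more than one account holds PVEDatastoreUser, the situation described in the post. The field layout (propagate flag, path, users or @groups, roles) is inferred from the posted file, and treating propagated ACLs on parent paths as additive is a simplifying assumption.

```python
# Added example. SAMPLE_CFG is the user.cfg from the post; ACL override rules are not modelled.
SAMPLE_CFG = """\
user:admin@pve:1:0:::::
user:TEST1@pve:1:0:testu1:testmail@gmail.com::
user:root@pam:1:0:::info@test.de::
user:TEST2@pve:1:0:testu2:test2@test.net::
user:TEST3@pve:1:0:testu3:test3@domain.de::
group:Benutzer:TEST1@pve,TEST2@pve,TEST3@pve:Benutzer:
group:Admin:admin@pve:Administrator:
acl:1:/:@Admin:Administrator:
acl:1:/storage/backup-1:@Benutzer:PVEDatastoreUser:
acl:1:/vms/4135:TEST1@pve:PVEVMUser:
acl:1:/vms/4136:TEST2@pve:PVEVMUser:
acl:1:/vms/4138:TEST3@pve:PVEVMUser:
"""

def parse(cfg):
    groups, acls = {}, []
    for line in cfg.splitlines():
        f = line.strip().split(":")
        if f[0] == "group" and len(f) >= 3:
            groups[f[1]] = [u for u in f[2].split(",") if u]
        elif f[0] == "acl" and len(f) >= 5:
            acls.append((f[1] == "1", f[2], f[3].split(","), f[4].split(",")))
    return groups, acls

def holders(cfg, path):
    """Map user -> roles applying on `path`, directly or propagated from a parent path."""
    groups, acls = parse(cfg)
    result = {}
    for propagate, acl_path, ugids, roles in acls:
        prefix = acl_path.rstrip("/") + "/"
        if acl_path != path and not (propagate and path.startswith(prefix)):
            continue
        for ugid in ugids:  # "@name" refers to a group, anything else is a user id
            members = groups.get(ugid[1:], []) if ugid.startswith("@") else [ugid]
            for user in members:
                result.setdefault(user, set()).update(roles)
    return result

def shared_storage(cfg, role="PVEDatastoreUser"):
    """Return {storage path: users} where several accounts hold `role` on the same storage."""
    report = {}
    for _, path, _, _ in parse(cfg)[1]:
        if path.startswith("/storage/"):
            users = sorted(u for u, r in holders(cfg, path).items() if role in r)
            if len(users) > 1:
                report[path] = users
    return report
```

Calling `shared_storage(SAMPLE_CFG)` on the posted file flags `/storage/backup-1` with all three TEST accounts, while the per-VM PVEVMUser entries stay separate.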
 
from the pvetest repository, as soon as it's uploaded.
 
no need to ask again and again the same. this does not speed up anything.

the pvetest repo is up2date now.
 
Hi tom,

thanks for update.

Is it right that a user can't delete their own backup(s) in the datastore? Is it another bug?

regards