Group permission -> create a full powered admin group

supervache

Dec 6, 2019
Hi !

I'm using Proxmox 6.1-3 in clustered mode, and when I tried to create a mariadb/debian 10 LXC container, I was stuck with AppArmor (see details and solution from someone else: https://forum.proxmox.com/threads/proxmox-debian-10-buster-template-and-mariadb.56652/)

So I need to enable the "nested" option on each mariadb/debian10 CT. OK, I tried that and it works like a charm.

BUT :

I can only change this setting from the PVE web interface with the root user. With my LDAP users, even if my users are in a group with permission path "/" propagated, I can't click "Edit" on the option tab.

Can you explain to me why, and how I can delegate rights to enable nested mode to a group of users on all my nodes, and for all of my existing and future containers, please?

I attach screenshots of my group permission, and the grey "Edit" button with a user in the "Administrator" group.

Thank you for your help !
 

features are only settable by the root user for security reasons
 
Is there no way to delegate features?

To give you context:

In our company, we use several hundred containers, and we are 4 administrators who have to create containers several times a week. I understand that this is for security, but asking everyone to use the root account is even worse as a security issue.
 
not currently. I'd like to add a special role/privilege between Administrator and root@pam, that could basically do everything that root@pam does that is feasible over the API (there are some root@pam features like piping in a template/backup archive when creating/restoring a container, which is obviously not possible via the API ;)).

filed https://bugzilla.proxmox.com/show_bug.cgi?id=2582 for easier tracking, since it's been on my mind for quite a while. might help to collect some feedback from other devs there, implementation should be fairly straight-forward.
 
please subscribe to the bug - I'll update it once patches and/or packages are available for testing.
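
Because the feature flags discussed in this thread can only be set by root, a periodic audit of which containers carry them is a useful complement. The following is an added example, not code from the thread or from Proxmox: it parses container configs in the `key: value` layout of `/etc/pve/lxc/<vmid>.conf` and lists containers with `nesting=1`, marking privileged ones. The sample configs, hostnames and function names are constructed for illustration.

```python
# Added example: audit LXC container configs for the root-only "features" line.
# SAMPLE_CONFIGS is constructed data (vmid -> config text), not from the thread.
SAMPLE_CONFIGS = {
    101: "arch: amd64\nhostname: mariadb01\nfeatures: nesting=1\nunprivileged: 1\n",
    102: "arch: amd64\nhostname: web01\nunprivileged: 1\n",
    103: "arch: amd64\nhostname: legacy-db\nfeatures: keyctl=1,nesting=1\n"
         "\n[pre-upgrade]\nhostname: legacy-db\n",
    104: "hostname: build01\nfeatures: nesting=0\nunprivileged: 1\n",
}

def parse_current_config(text):
    """Return key/value pairs of the live config only."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):   # a snapshot or pending section starts here
            break
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def parse_features(value):
    """Turn 'keyctl=1,nesting=1' into {'keyctl': '1', 'nesting': '1'}."""
    feats = {}
    for item in filter(None, (p.strip() for p in value.split(","))):
        name, _, val = item.partition("=")
        feats[name] = val or "1"
    return feats

def audit(configs):
    """Return (vmid, hostname, privileged) for containers with nesting on."""
    findings = []
    for vmid in sorted(configs):
        conf = parse_current_config(configs[vmid])
        feats = parse_features(conf.get("features", ""))
        if feats.get("nesting") == "1":
            # A config without "unprivileged: 1" describes a privileged CT.
            privileged = conf.get("unprivileged", "0") != "1"
            findings.append((vmid, conf.get("hostname", "?"), privileged))
    return findings

if __name__ == "__main__":
    for vmid, host, privileged in audit(SAMPLE_CONFIGS):
        kind = "PRIVILEGED" if privileged else "unprivileged"
        print(f"CT {vmid} ({host}): nesting=1, {kind}")
```

On a real node the dictionary would be filled by reading each `/etc/pve/lxc/<vmid>.conf` file instead of the constructed samples.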
 
