How to create new user account similar to root

bond347

Member
Oct 21, 2022
68
0
6
Hi All,

I have a 3 hosts cluster setup. I wanted to create a new user account "pveuser1" and give permissions similar to or almost similar to root user account.

1. Do i need to create pveuser1 in all 3 hosts?
2. How to give root permission to the user?

Hope you get some replies.
 
no, user configuration is shared across the cluster. if you want to create it in the PAM realm, you do need to first create the actual system user on each node though.

you can then give that user roles (Administrator is the one with all privileges) on paths. note that some parts/features are restricted to the actual root@pam user with no way to delegate - see https://bugzilla.proxmox.com/show_bug.cgi?id=2582
 
  • Like
Reactions: bond347
Hi Leesteken and Fabian,

Thanks for replies.

I'm bit confuse with Linux PAM and PVE Authentication.

What i wanted was, create group "admin" with Administrator role and assign user1 to group "admin". This way, i just grant/revoke permission from the group rather than user itself. user1 must be able to:
1. Can login to proxmox gui as administrator
2. Can navigate/access to the 3 host-cluster.
3. Able to create VMs, storage, etc.
4. Able to ssh to hosts

Note: Like user root, can login to GUI and do all the works and also can ssh to the hosts too.

So, what user authentication method and what should i do to create the user?
 
Last edited:
if you want SSH, then you need a PAM user. create the user on the system (e.g., with "adduser"), then make PVE aware of it (by adding it to the PAM realm in PVE), then give it the ACLs you desire.
 
  • Like
Reactions: bond347
In addition to that you can also create custom roles. Then assign the privileges you like to that role and give these users that role. This way you don't have to assign all those single privileges to each of those admin users.
This is then similar to assigning users to group, if you think of the roles like some kind of group.
 
Last edited:
  • Like
Reactions: bond347
if you want SSH, then you need a PAM user. create the user on the system (e.g., with "adduser"), then make PVE aware of it (by adding it to the PAM realm in PVE), then give it the ACLs you desire.
Hi Fabian,

Thanks for guides. Managed to create a PAM user in each systems and create PAM user account on PVE too.

My user1 is part of a Administrator group. I was able to SSH-in. However, when i execute commands i see error "#cat: /etc/pve/user.cfg: Permission denied"

What was wrong? Which steps do i missed out?
 
that file is not readable by regular PAM users, only by www-data and root.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!