How to execute Proxmox commands (like `qm guest exec`) as separate user?

[carsb]

It is a common security practice to utilize separate users for tasks under Linux (like www for webservers).
I'd like to have a user for qm guest exec on Proxmox host node, but this seems a problem:

root@pve:~# adduser --system guest-exec
root@pve:~# su guest-exec -s /bin/rbash -c '/usr/sbin/qm guest exec some-command'
ipcc_send_rec[1] failed: Unknown error -1
ipcc_send_rec[2] failed: Unknown error -1
ipcc_send_rec[3] failed: Unknown error -1
Unable to load access control list: Unknown error -1

What am I missing here?
As side note: sudo with sudoers entry is a more flexible alternative to su. But Proxmox doesn't have this package installed, so I stick to defaults.

 

[bbgeek17]

Hi @carsb , if "sudo" works for you - you should install that package.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[fba]

Hi,
su is not a valid option, as the cli tools are for root user only. Therefore sudo should work instead.

 

[carsb]

My biggest concern was, if sudo package causes any incompatibilities with Proxmox VE system.
But apparently that is not the case. Hence I'll give it a try. Thanks!