Inconsistent Permissions between OpenID Admin user and 'root' user
- Thread starter wavesound
- Start date
Other Linux PAM users also don't have access to this, but would you even want users to be able to change ACME-settings for nodes they might not even have access to (possibly even bringing down the web-GUI on those nodes)?
Also, from the certificate-section of each node, you can still add (new) ACME-settings through there (there is at least a working button for it, but since I don't use it, I can't test it)
You would also still need that root user for Updates (you can view updates with admin-users but only install them under root) anyway, so the account should be used often enough either way (if you want to stay on top of the updates
).
Also, from the certificate-section of each node, you can still add (new) ACME-settings through there (there is at least a working button for it, but since I don't use it, I can't test it)
You would also still need that root user for Updates (you can view updates with admin-users but only install them under root) anyway, so the account should be used often enough either way (if you want to stay on top of the updates
).
Last edited:
accessing the root shell.
This holds in general true for anything that needs root permissions and can potentially change system settings.
Technically not fully
A created PAM-user with sudo-rights assigned to it can still access the root shell, even from the GUI, they'll just have to log in a second time (and run sudo+password)
But indeed, if the GUI needs root permission, it needs to be done from the "real" root account
Sure, yet I was talking about the Server -> Shell functionality. Even if you've got all permissions to administer your PVE host, you will not be able to login as root (as in without a credentials). Sure you can always login with credentials.