[SOLVED] It is possible to delete Disks of VMs that do not have display permissions.

marimelon · Feb 15, 2023

A user who does not have view privileges on a VM can delete that VM's Disk.
An error occurs in a running VM, but a stopped VM can actually be deleted.

・root user view

・Limited user view

fiona · Feb 16, 2023

Hi,
did you actually try and remove a test image as the user? If the user has Datastore.Allocate permissions for the storage, they can remove all volumes on the storage (even if a VM with the volume exists), otherwise the back-end will complain.

I suspect this is a GUI "bug" only: because the user can't see that the VM exists, the GUI doesn't complain about the existing VM. But to "solve" it, you would leak the information that a VM with that ID exists to the user.

marimelon · Feb 16, 2023

Thanks for the answer.

I decided to give User the Datastore.AllocateSpace permission instead of Datastore.Allocate.

fiona · Feb 16, 2023

marimelon said:
Thanks for the answer.

I decided to give User the Datastore.AllocateSpace permission instead of Datastore.Allocate.

Then an attempt to remove a disk should fail in the backend. I guess the UI could just grey out the remove button for users that neither have permissions on the VM nor Datastore.Allocate on the storage. Feel free to open an enhancement request on our bug tracker: https://bugzilla.proxmox.com/

Search

Search

[SOLVED] It is possible to delete Disks of VMs that do not have display permissions.

marimelon

New Member

fiona

Proxmox Staff Member

marimelon

New Member

fiona

Proxmox Staff Member