[SOLVED] New PVE administrative user cannot use host shell

[simon_lefisch]

Hi everyone,

I have finally moved away from CentOS 7 to Proxmox and loving it so far.

However when I create a new user with full administrator rights in the PVE realm, that user cannot use the host shell. I found a post from 2019 stating that only a PAM user can do this. Is this still the case? using Linux for the last few years, I do not like logging in as root and prefer logging in as a user with sudo permissions.

Any help would be greatly appreciated. TIA.

 

[ubu]

Yes, only a pam / system user gets a shell access.
If you get your PVE users from AD / LDAP you also need to setup winbind or sssd to get shell access

 

[simon_lefisch]

Thanks for the reply @ubu.

That's a bummer to hear. this host is for personal use so I don't have an AD setup. Is there any other way for that user to have access to the host shell?

 

[Vicente Filho]

I ran into the same issue when I switched to Proxmox. You’re right—Proxmox really leans on PAM for shell access. I also prefer not using root, so what worked for me was setting up a PAM user with the right permissions. It’s a bit of a hassle, but it’s the way to go for now.

 

[simon_lefisch]

I ran into the same issue when I switched to Proxmox. You’re right—Proxmox really leans on PAM for shell access. I also prefer not using root, so what worked for me was setting up a PAM user with the right permissions. It’s a bit of a hassle, but it’s the way to go for now.

I've tried to do that but I can't seem to get it right. I tried creating it in the shell but it doesn't show up in the GUI. Also tried in the GUI but can't seem to get it working properly. Have anything I can reference to create a new user?

 

[sw-omit]

For me/us, with a fresh 8.1/8.2 install, from both PAM and PVE users we can "see" the shell tab of the host, but to log in on the shell, we still need a PAM-user (even if you log in from that PAM user, you still need to manually log in, only root directly shows the shell, even if you're a sudo-user.

For us that is good enough, none of our other admins should even need to access the shell for any daily stuff, so having to either switch to root or log in again with a different PAM-user if you really need it for something, isn't that big of a barrier.

If you want to test if it's a permission setting, in the permission-section just add the new user, and from the "/" enable recursive with permission administrator.

 

[simon_lefisch]

For me/us, with a fresh 8.1/8.2 install, from both PAM and PVE users we can "see" the shell tab of the host, but to log in on the shell, we still need a PAM-user (even if you log in from that PAM user, you still need to manually log in, only root directly shows the shell, even if you're a sudo-user.

For us that is good enough, none of our other admins should even need to access the shell for any daily stuff, so having to either switch to root or log in again with a different PAM-user if you really need it for something, isn't that big of a barrier.

If you want to test if it's a permission setting, in the permission-section just add the new user, and from the "/" enable recursive with permission administrator.

Yea it's the same for me, I need to login to the shell with a PAM/root user. Not that bog of a barrier for me either, it's just nice being able to use a user with sudo permissions. If I do need the shell, I'll just login with root from my administrative user.

I did try testing with a PVE user and gave the proper permissions but still the same issue, had to login with a PAM user. I'll prob just call this issue resolved for now.

Thanks everyone for all the info.