PAM user with PVE roles

M

Mirmanium

Active Member
Aug 14, 2020
64
9
28
44
Hello community :)

I want to create a PAM user with limited rights in my 1 node PVE host to only allow specific actions as I have on my user in GUI.

I did the following:

  • GUI part: Create new group, new role with selected rights (VM.audit, Sys.Audit, VM.PowerMgmt) and new Pam user in this group.
To make it "loginable" I had to create the Pam user login as root through SSH.


Now I can log in over GUI and ssh.

My question here is: Is there a way to replicate roles I have selected for GUI PAM user to my new linux user so then I can limit actions this user can do once login SSH?

Thank you,
 
no, that is not possible. you can disable SSH access though, or simply not add the user as PAM user but as PVE user.
 
Thanks @fabian for you comment. The thing is I was looking for having a SSH user with exactly these limited roles so the alternative is to use the root ssh user then.
Thank you,
 
BTW, I just end up using proxmox API directly. It gives more flexibility in terms of limited rights per user.
 
  • Like
Reactions: fabian
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom