[SOLVED] pvesh need root account to be run

[evan]

hello everyone,
first of all, thanks for that incredible open source software !

i have a single node setup where I had put a linux user, i can log in the web interface with it :



but when i go in cli to use pvesh it show me that :

evan@pve:~$ pvesh get version
ipcc_send_rec[1] failed: No such file or directory
ipcc_send_rec[2] failed: No such file or directory
ipcc_send_rec[3] failed: No such file or directory
please run as root

with sudo it work perfectly but i want to restrict privilege and not use root for everything :



what can i do to run pvesh from this user ?

i tried to re apply right with this doc but no luck
https://pve.proxmox.com/wiki/User_Management
section real world exemple admin.

Also is there a way to check right and acl with pveum cli? I didn't see anything in the doc.

here my pve version :

Spoiler: pveversion --verbose

proxmox-ve: 5.3-1 (running kernel: 4.15.18-9-pve)
pve-manager: 5.3-5 (running version: 5.3-5/97ae681d)
pve-kernel-4.15: 5.2-12
pve-kernel-4.15.18-9-pve: 4.15.18-30
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-3
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-43
libpve-guest-common-perl: 2.0-18
libpve-http-server-perl: 2.0-11
libpve-storage-perl: 5.0-33
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.0.2+pve1-5
lxcfs: 3.0.2-2
novnc-pve: 1.0.0-2
proxmox-widget-toolkit: 1.0-22
pve-cluster: 5.0-31
pve-container: 2.0-31
pve-docs: 5.3-1
pve-edk2-firmware: 1.20181023-1
pve-firewall: 3.0-16
pve-firmware: 2.0-6
pve-ha-manager: 2.0-5
pve-i18n: 1.0-9
pve-libspice-server1: 0.14.1-1
pve-qemu-kvm: 2.12.1-1
pve-xtermjs: 1.0-5
qemu-server: 5.0-43
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.12-pve1~bpo1

thanks for your time,
Evan

 

[jim.bond.9862]

[with sudo it work perfectly but i want to restrict privilege and not use root for everything :

I do not understand. Isn't it what sudo is for?

I think it works as it should. If you are new to Linux then you should know that sudo is used on accounts othet than root to elevate privileges. This is how linux controll access I.e. restrict what user can do. Usiong sudo is like using run as admin in windows.
You can configure your account to be as root. But there are still some things that will require sudo or even switching to su mode.
So it works as expected.

 

[evan]

Hello Jim,
thanks for your reply, but i believe i can manage right without sudo (it's not installed by default) because there is this wiki page :
https://pve.proxmox.com/wiki/User_Management
talking about integrated role management.

also i succeded in using curl with my evan account, so i think this is more a problem with a linux file that haven't the good right.

when i look at the pvesh executable (it's in perl), I see it use a module :

use PVE::CLI::pvesh;

PVE::CLI::pvesh->run_cli_handler();

do you know where the code is located?

thanks

 

[dcsapak]

all our cli tools (incl pvesh) bypass the http api and use the perl code directly, thus root is needed

if you want to use the api as a user, use an api client. see https://pve.proxmox.com/wiki/Proxmox_VE_API

 

[evan]

hello, thanks for your reply, i'll go with curl for this time.
could you update the doc to say it explicitly ?
again thanks for this incredible software.

 

[dcsapak]

could you update the doc to say it explicitly ?

this is already documented
quote from the pvesh documentation:

The Proxmox VE management tool (pvesh) allows to directly invoke API function, without using the REST/HTTPS server.

 

[evan]

sorry didn't found that doc when i searched
thanks you!