Q/Problem with User Privileges (bug?)

P

pdanjou

New Member
Sep 16, 2015
6
0
1
V 4.0 Beta
KVM problem

I am running a user with special role: pveum roleadd PVEcus -privs "VM.PowerMgmt VM.Console VM.Config.CDROM VM.Monitor VM.Audit VM.Config.Options"
VM.Config.Options allows me to look into Options Menu and the user can change most options except the Boot order, which is exactly what I need. Which privileges does he need to be able to do that?

SOLVED:
I need a role that allows the user to view config, change ISO in cdrom to install new distros, change boot order, but not be able to change hardware settings, so Admin role is not an option.
If there is no solution to this then: How can I change the boot order during creation via CLI? Or later via CLI. GUI ain't an option.

Furthermore: is there a manual/resource somewhere where there is more detailed information regarding roles/privileges? A way to edit every single option via CLI explained in a simple way would be helpful. I know there is pvesh but I fail to see how to use it properly The wiki page about user management is not sufficient

I tried for a while now but got frustrated enough to register here, thanks for any help in advance.

edit:
ok now I can see via pvesh to get the config, which entails "bootdisk" parameter, but I don't understand how to use set config to set the value...
edit2:
ok I just found this very helpful page: pve.proxmox.com/wiki/Manual:_vm.conf

edit3: ok I solved my problem by simpy adding boot:dcn to the VM config file, but it is an ugle workaround
still leaves to question why the VM.Config.Options doesnt allow boot order editing
 
Last edited:
Hi pdanjou,

You can check the KVM options by using:

Code: 
qm options {vmid}

Or set them using:

Code: 
qm set {vmid} [options]

The CLI generates a really useful man page using the folllowing command where at the end you can find useful examples:

Code: 
man qm
 
Yes thanks.
Do you have a comment on the Options page? I can edit all options except boot order. I assume another privilege is needed for that but I can't guess around.
 
Hi pdanjou,

to edit the boot order configuration you need the VM.Config.Disk privilege set. But you must be aware, that in this case you give the user the add/modify/delete disk permissions.

You can find the wiki covering the privileges here:

https://pve.proxmox.com/wiki/User_Management
 
Last edited:
Ok but that is a problem since the user must not have disk permissions. Is there a way to create new permission roles in single detail?
 
As you know by far, you can create roles (which are lists of privileges), but the privileges themselves are hard coded.

We are reconsidering to change the needed boot order permission privileges, which means the possible changes will be released as a new package update.
 
Basically like PVEVMUser but without backup ability. I only added VM.Config.Options because I thought it enables me to edit the boot order.
Because what good is the "config CDROM" option if you can't change the boot order? :)
Thanks for help ;) For now I keep the CDROM as first boot device fixed, that solves the problem too.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back