[SOLVED] "script":"Only root may set this option."

G

g0ha

Active Member
Jan 11, 2019
25
4
43
38
In PVE5 we could'n add serial port via user, only via root, in PVE6 it became possible.
In PVE6 (6.2-11), method --script in api call "/api2/json/nodes/{node}/vzdump" executed under admin user causes the same error: {"data":null,"errors":{"script":"Only root may set this option."}}
Can we expect liberalization ;) ?
 
no, the hook script runs as root, allowing arbitrary users to execute arbitrary code like that would be bad ;)
 
Am i right, that workaround for it - using root tokens from PVE6.2?
 
usually people only set that option globally (in vzdump.cfg) or in cron jobs/timer units for scheduled backups (which is CLI, und thus already restricted to root@pam).
 
I understand, i'm using it too in /etc/vzdump.conf. But if i run backup task for single vm from api - task won't read vzdump.conf
Please explain how i can use new feature from PVE6.2 - API Token.
Refer to manual: "To use an API token, set the HTTP header Authorization to the displayed value of the form PVEAPIToken=USER@REALM!TOKENID=UUID when making API requests"
In https://pve.proxmox.com/wiki/Proxmox_VE_API unfortunately, no section about this feature.
Should i receive PVEAuthCookie?

I create token from web, for user root, named it test, copy secret, then I tried:
curl --header 'Authorization="PVEAPIToken=root@pam!test=UUID"'
curl -d "PVEAPIToken=root@pam!test=UUID"
how is it correct?
 
curl -H 'Authorization: PVEAPITOKEN=root@pam!test=XXX' ... should work (where XXX is the UUID representing the token). IIRC, the code path is the same for scheduled vzdump calls and API vzdump calls and for single or multiple VMs..
 
fabian said:
IIRC, the code path is the same for scheduled vzdump calls and API vzdump calls and for single or multiple VMs..
Click to expand...

Yep, rechecked my vzdump.conf, find errors (dumpdir owerlaps with storage options, dumpdir wins). My bad, it works fine. Thank you.
 
Wow Fabian, thx for the quick reply. I had removed my question and made a new thread, being this thread was 'solved'. But hey, super thx.

Now to find out how to make the call using PVEAuthCookie and getting the ticket to populate my curl post line automatically in Bash. Its a puzzle I am willing to try and solve ;-)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back