User management

F

Fafa24

New Member
Nov 9, 2023
7
0
1
Hi,

I’m currently learning more about Proxmox user management. I have a few statements/questions and would appreciate your confirmation.

  1. Proxmox does not use sudo by default, but with apt-get install sudo it is possible to use it.
  2. root - there is no way to add another linux user and give the same rights as the root user has
  3. therefore you cannot or should not disable the user root
  4. Proxmox has two built-in realm: Proxmox VE and Linux PAM
  5. Adding a Linux PAM user in the Proxmox GUI, requires going to the shell and add the same user with useradd
  6. A Proxmox VE user has no shell access even it is a full administrator

The intention is to reduce the node's security risk without using the user root. I would rather like to use another user for the shell as root.

Thanks!
 
Fafa24 said:
After my initial post and some research, I wrote an article about the Proxmox user root.

What Secrets Lie Behind the Proxmox User Root?


Maybe this article is of some interest to you.
Click to expand...
You can create much more easily (without useradd) pve local admin users direct in "datacenter -->users" and indeed you have then shell access.
You can add an ldap realm, eg. a win AD realm, so you are not limited to the 2 defaults.
When using a pve cluster ssh "PermitRootLogin no" will break cluster services but can be circumvented with configuring for ssh and hosts.allow just between.
 
waltar said:
When using a pve cluster ssh "PermitRootLogin no" will break cluster services but can be circumvented with configuring for ssh and hosts.allow just between.
Click to expand...

This would imply you are running the host interface other than in a separate VLAN, which is insecure for a deployment like PVE.
 
Thank you!. I greatly appreciate it and will amend my article with the new inputs.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back