User management

Fafa24

New Member
Nov 9, 2023
Hi,

I’m currently learning more about Proxmox user management. I have a few statements/questions and would appreciate your confirmation.

  1. Proxmox does not use sudo by default, but with apt-get install sudo it is possible to use it.
  2. root - there is no way to add another Linux user and give it the same rights as the root user has
  3. therefore you cannot or should not disable the user root
  4. Proxmox has two built-in realms: Proxmox VE and Linux PAM
  5. Adding a Linux PAM user in the Proxmox GUI requires going to the shell and adding the same user with useradd
  6. A Proxmox VE user has no shell access even if it is a full administrator

The intention is to reduce the node's security risk without using the user root. I would rather like to use another user for the shell as root.

Thanks!
 
After my initial post and some research, I wrote an article about the Proxmox user root.

What Secrets Lie Behind the Proxmox User Root?


Maybe this article is of some interest to you.
You can much more easily (without useradd) create pve local admin users directly in "datacenter -->users" and indeed you then have shell access.
You can add an LDAP realm, e.g. a win AD realm, so you are not limited to the 2 defaults.
When using a pve cluster ssh "PermitRootLogin no" will break cluster services but can be circumvented with configuring for ssh and hosts.allow just between.
 
When using a pve cluster ssh "PermitRootLogin no" will break cluster services but can be circumvented with configuring for ssh and hosts.allow just between.

This would imply you are running the host interface other than in a separate VLAN, which is insecure for a deployment like PVE.
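
The restriction discussed in the replies above (root SSH refused in general, permitted only between cluster nodes) can be written as an sshd_config `Match Address` block. The following is an added example, not code from the thread or from Proxmox: it checks which `PermitRootLogin` value a given source address would receive. The function name, the sample configuration and the 10.10.10.0/24 cluster network are assumptions made for illustration.

```python
import ipaddress

# Constructed sample sshd_config; 10.10.10.0/24 is an assumed cluster network.
SAMPLE_CONFIG = """\
# global section
PermitRootLogin no
PasswordAuthentication no

Match Address 10.10.10.0/24
    PermitRootLogin prohibit-password
"""

def effective_root_login(config_text, source_ip):
    """Return the PermitRootLogin value that applies to source_ip.

    Simplified model (hypothetical helper): only 'Match Address' criteria
    with plain IPs or CIDR ranges are evaluated (no negation, wildcards or
    other criteria). The first value obtained for a keyword wins, and a
    matching Match block overrides the global section.
    """
    addr = ipaddress.ip_address(source_ip)
    global_value = None
    match_value = None
    in_match = False        # True once any Match block has started
    block_applies = False   # True if the current Match block covers source_ip
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True
            crit = value.split()
            block_applies = False
            if len(crit) == 2 and crit[0].lower() == "address":
                block_applies = any(
                    addr in ipaddress.ip_network(net, strict=False)
                    for net in crit[1].split(","))
        elif keyword == "permitrootlogin":
            if not in_match and global_value is None:
                global_value = value.lower()
            elif in_match and block_applies and match_value is None:
                match_value = value.lower()
    if match_value is not None:
        return match_value
    return global_value or "prohibit-password"  # OpenSSH built-in default
```

On a live host, `sshd -T -C user=root,addr=<source address>` reports the effective settings for a given connection and is the authoritative check.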