From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: Re: [pve-devel] [RFC manager 3/3] node console: lift root@pam restriction for commands
Date: Mon, 6 Nov 2023 15:46:21 +0100 [thread overview]
Message-ID: <043e2876-6a1f-4e76-94f5-a85c7643e2b2@proxmox.com> (raw)
In-Reply-To: <20230614104215.359768-4-f.gruenbichler@proxmox.com>
Am 14/06/2023 um 12:42 schrieb Fabian Grünbichler:
> instead, fallback to a plain login shell if the current user is not already
> root. both current custom commands are effectively a root shell, so it's not
> possible to allow them for regular users.
>
> note that the non-login commands via xtermjs already had the fallback behaviour
> (i.e., no check for $param->{cmd}) previous to this commit, it was just not
> exposed via our web UI, since the corresponding button/wizard was only enabled
> for root@pam.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>
> Notes:
> RFC because for a nice UX we probably want to somehow display or inject the
> command that should be executed once the user is (effectively) root in the
> console, instead of just opening a login prompt without any indication what the
> user should do with it..
>
> some possible options/suggestions offered so far:
> - let the API return the command in case of fallback, let the UI display it
> -- probably would work best if upgrade is converted to an inline xtermjs
> console, since that supports copy+paste
> - pass FAKE_SHELL to login, point it at a shell wrapper that echos a note with
> the command and then executes the real shell
> - pass FAKE_SHELL to login, point it at a wrapper that runs the command (or the
> command with sudo, in case the logged in console user is not root) with the
> user's real shell
That one I like best, as IMO user convenience is more important here,
and if they could successfully log in, it should work just like if they
are root@pam from the beginning; avoiding any copy-paste errors, that
could even result in more harm than good,
We do not depend on `sudo` though, so calling that needs to check if
it's installed. Maybe enforcing the root username would make sense, or
at least a short hint in the UI that they need to log in as root to
continue.
next prev parent reply other threads:[~2023-11-06 14:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-14 10:42 [pve-devel] [PATCH manager 0/3] rework node console permission checks Fabian Grünbichler
2023-06-14 10:42 ` [pve-devel] [PATCH manager 1/3] node console: restrict all non-login commands to root@pam Fabian Grünbichler
2023-11-06 14:38 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-14 10:42 ` [pve-devel] [PATCH manager 2/3] node console: allow usage for non-pam realms Fabian Grünbichler
2023-11-06 14:38 ` [pve-devel] applied: " Thomas Lamprecht
2023-06-14 10:42 ` [pve-devel] [RFC manager 3/3] node console: lift root@pam restriction for commands Fabian Grünbichler
2023-11-06 14:46 ` Thomas Lamprecht [this message]
2023-11-06 7:36 ` [pve-devel] [PATCH manager 0/3] rework node console permission checks Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=043e2876-6a1f-4e76-94f5-a85c7643e2b2@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal