From: Oguz Bektas <o.bektas@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 access-control++ 00/12] SuperUser privilege
Date: Fri, 11 Mar 2022 12:24:52 +0100 [thread overview]
Message-ID: <20220311112504.595964-1-o.bektas@proxmox.com> (raw)
v1->v2:
* added some basic docs
changes in rest of the patches are in the separate mails.
big thanks to Fabian G. for the reviews and answering my questions
throughout the series :)
it's a complicated series so if i forgot something i'm sorry!
note: all the patches on the other repositories depend on the
access-control patches to be applied and installed first
docs: Oguz Bektas (1):
pveum: add SU privilege and SA role
pveum.adoc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
qemu-server: Oguz Bektas (2):
api: allow SU privileged users to edit root-only options for VM
configs
api: allow 'skiplock' option to be used by SU privileged users
PVE/API2/Qemu.pm | 122 ++++++++++++++++++++++++++++-------------------
1 file changed, 72 insertions(+), 50 deletions(-)
manager: Oguz Bektas (4):
api: backup: allow SUs to use 'tmpdir', 'dumpdir' and 'script' options
api: vzdump: allow SUs to use 'bwlimit' and 'ionice' parameters
api: update comment about login prompt for non-root users
ui: adapt sensible 'root@pam' checks to SU privilege
PVE/API2/Backup.pm | 11 ++++++++---
PVE/API2/Nodes.pm | 2 +-
PVE/API2/VZDump.pm | 8 +++++---
www/manager6/dc/Config.js | 2 +-
www/manager6/lxc/Options.js | 2 +-
www/manager6/lxc/Resources.js | 2 +-
www/manager6/window/Migrate.js | 4 ++--
7 files changed, 19 insertions(+), 12 deletions(-)
container: Oguz Bektas (1):
fix #2582: api: add checks for 'SuperUser' privilege for root-only
options
src/PVE/API2/LXC.pm | 15 +++++++--------
src/PVE/API2/LXC/Config.pm | 2 +-
src/PVE/API2/LXC/Status.pm | 12 ++++++++----
src/PVE/LXC.pm | 21 ++++++++++++---------
4 files changed, 28 insertions(+), 22 deletions(-)
storage: Oguz Bektas (1):
check_volume_access: allow superusers to pass arbitrary fs paths
PVE/Storage.pm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
access-control: Oguz Bektas (3):
add "SuperAdministrator" role with the new "SuperUser" privilege
api: allow superusers to edit tfa and password settings
api: acl: only allow granting SU privilege if user already has it
src/PVE/API2/ACL.pm | 9 +++++++++
src/PVE/API2/AccessControl.pm | 6 ++++++
src/PVE/API2/TFA.pm | 7 +++++--
src/PVE/AccessControl.pm | 9 ++++++---
src/PVE/RPCEnvironment.pm | 2 +-
5 files changed, 27 insertions(+), 6 deletions(-)
--
2.30.2
next reply other threads:[~2022-03-11 11:25 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-11 11:24 Oguz Bektas [this message]
2022-03-11 11:24 ` [pve-devel] [PATCH v2 docs 01/12] pveum: add SU privilege and SA role Oguz Bektas
2022-03-17 9:36 ` Fabian Grünbichler
2022-03-11 11:24 ` [pve-devel] [PATCH v2 qemu-server 02/12] api: allow SU privileged users to edit root-only options for VM configs Oguz Bektas
2022-03-17 10:05 ` Fabian Grünbichler
2022-03-11 11:24 ` [pve-devel] [PATCH v2 qemu-server 03/12] api: allow 'skiplock' option to be used by SU privileged users Oguz Bektas
2022-03-17 10:12 ` Fabian Grünbichler
2022-03-11 11:24 ` [pve-devel] [PATCH v2 manager 04/12] api: backup: allow SUs to use 'tmpdir', 'dumpdir' and 'script' options Oguz Bektas
2022-03-17 12:18 ` Fabian Grünbichler
2022-03-11 11:24 ` [pve-devel] [PATCH v2 manager 05/12] api: vzdump: allow SUs to use 'bwlimit' and 'ionice' parameters Oguz Bektas
2022-03-11 11:24 ` [pve-devel] [PATCH v2 manager 06/12] api: update comment about login prompt for non-root users Oguz Bektas
2022-03-17 12:33 ` Fabian Grünbichler
2022-03-11 11:24 ` [pve-devel] [PATCH v2 manager 07/12] ui: adapt sensible 'root@pam' checks to SU privilege Oguz Bektas
2022-03-17 12:28 ` Fabian Grünbichler
2022-03-11 11:25 ` [pve-devel] [PATCH v2 container 08/12] fix #2582: api: add checks for 'SuperUser' privilege for root-only options Oguz Bektas
2022-03-17 12:11 ` Fabian Grünbichler
2022-03-11 11:25 ` [pve-devel] [PATCH v2 storage 09/12] check_volume_access: allow superusers to pass arbitrary fs paths Oguz Bektas
2022-03-11 11:25 ` [pve-devel] [PATCH v2 access-control 10/12] add "SuperAdministrator" role with the new "SuperUser" privilege Oguz Bektas
2022-03-11 11:25 ` [pve-devel] [PATCH v2 access-control 11/12] api: allow superusers to edit tfa and password settings Oguz Bektas
[not found] ` <<20220311112504.595964-12-o.bektas@proxmox.com>
2022-03-17 9:30 ` Fabian Grünbichler
2022-03-11 11:25 ` [pve-devel] [PATCH v2 access-control 12/12] api: acl: only allow granting SU privilege if user already has it Oguz Bektas
2022-03-16 12:24 ` Fabian Grünbichler
[not found] ` <<20220311112504.595964-1-o.bektas@proxmox.com>
2022-03-17 13:04 ` [pve-devel] [PATCH v2 access-control++ 00/12] SuperUser privilege Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220311112504.595964-1-o.bektas@proxmox.com \
--to=o.bektas@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.