On March 11, 2022 12:24 pm, Oguz Bektas wrote:
> we have a SU privilege now, but we still drop to a login prompt for such
> users.
>
> Signed-off-by: Oguz Bektas <o.bek...@proxmox.com>
> ---
> PVE/API2/Nodes.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index 655493a3..0c3de231 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -870,7 +870,7 @@ sub get_shell_command {
> $cmd = [ '/bin/login', '-f', 'root' ];
> }
> } else {
> - # non-root must always login for now, we do not have a superuser role!
> + # non-root must always login, even with SU privilege
it would be nicer to check this early on as well with a proper error
message - all of temrproxy, vncshell, spiceshell allow passing in a cmd
('login', 'upgrade', or 'ceph_install'), and only 'upgrade' is checked
there for being root@pam only. so if a user calls those with
'ceph_install', they'd be dropped in a login prompt instead without any
indication why..
> $cmd = [ '/bin/login' ];
> }
> return $cmd;
> --
> 2.30.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
