[pve-devel] [RFC manager 3/3] node console: lift root at pam restriction for commands

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Nov 6 15:46:21 CET 2023 

Am 14/06/2023 um 12:42 schrieb Fabian Grünbichler:
> instead, fallback to a plain login shell if the current user is not already
> root. both current custom commands are effectively a root shell, so it's not
> possible to allow them for regular users.
> 
> note that the non-login commands via xtermjs already had the fallback behaviour
> (i.e., no check for $param->{cmd}) previous to this commit, it was just not
> exposed via our web UI, since the corresponding button/wizard was only enabled
> for root at pam.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> 
> Notes:
>     RFC because for a nice UX we probably want to somehow display or inject the
>     command that should be executed once the user is (effectively) root in the
>     console, instead of just opening a login prompt without any indication what the
>     user should do with it..
>     
>     some possible options/suggestions offered so far:
>     - let the API return the command in case of fallback, let the UI display it
>     -- probably would work best if upgrade is converted to an inline xtermjs
>        console, since that supports copy+paste
>     - pass FAKE_SHELL to login, point it at a shell wrapper that echos a note with
>       the command and then executes the real shell
>     - pass FAKE_SHELL to login, point it at a wrapper that runs the command (or the
>       command with sudo, in case the logged in console user is not root) with the
>       user's real shell

That one I like best, as IMO user convenience is more important here,
and if they could successfully log in, it should work just like if they
are root at pam from the beginning; avoiding any copy-paste errors, that
could even result in more harm than good,

We do not depend on `sudo` though, so calling that needs to check if
it's installed. Maybe enforcing the root username would make sense, or
at least a short hint in the UI that they need to log in as root to
continue.

More information about the pve-devel mailing list