[pbs-devel] applied: [PATCH proxmox-backup v2] fix #5233: don't require root for some tape operations
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Nov 14 15:17:45 CET 2024
Am 13.11.24 um 12:37 schrieb Dominik Csapak:
> instead, require 'Tape.Write' or 'Tape.Modify' on '/tape' path.
> This makes it possible for a TapeOperator to destroy tapes and for a
> TapeAdmin to update the tape status, instead of just root at pam.
>
> I opted for the path '/tape' since we don't have a dedicated acl
> structure for single tapes, just '/tape/pool' (which does not apply
> since not all tapes have to have a pool), '/tape/device' (which is
> intended for drives/changers) and '/tape/jobs' (which is for jobs only).
>
> Also we use that path for e.g. move_tape already.
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> changes from v1:
> * rebase on master
> * change permission required for update status to TAPE_MODIFY
>
> src/api2/tape/media.rs | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
>
applied, thanks!
More information about the pbs-devel
mailing list