[pve-devel] [PATCH v2 manager 05/12] api: vzdump: allow SUs to use 'bwlimit' and 'ionice' parameters
Oguz Bektas
o.bektas at proxmox.com
Fri Mar 11 12:24:57 CET 2022
Signed-off-by: Oguz Bektas <o.bektas at proxmox.com>
---
PVE/API2/VZDump.pm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/PVE/API2/VZDump.pm b/PVE/API2/VZDump.pm
index 2c0df4c3..3b87ef38 100644
--- a/PVE/API2/VZDump.pm
+++ b/PVE/API2/VZDump.pm
@@ -27,7 +27,7 @@ __PACKAGE__->register_method ({
permissions => {
description => "The user needs 'VM.Backup' permissions on any VM, and 'Datastore.AllocateSpace'"
." on the backup storage. The 'maxfiles', 'prune-backups', 'tmpdir', 'dumpdir', 'script',"
- ." 'bwlimit' and 'ionice' parameters are restricted to the 'root\@pam' user.",
+ ." 'bwlimit' and 'ionice' parameters are restricted to the superusers.",
user => 'all',
},
protected => 1,
@@ -52,6 +52,8 @@ __PACKAGE__->register_method ({
my $nodename = PVE::INotify::nodename();
+ my $is_superuser = $user eq 'root at pam' || $rpcenv->check($user, "/", ['SuperUser'], 1);
+
if ($rpcenv->{type} ne 'cli') {
raise_param_exc({ node => "option is only allowed on the command line interface."})
if $param->{node} && $param->{node} ne $nodename;
@@ -61,8 +63,8 @@ __PACKAGE__->register_method ({
}
foreach my $key (qw(maxfiles prune-backups tmpdir dumpdir script bwlimit ionice)) {
- raise_param_exc({ $key => "Only root may set this option."})
- if defined($param->{$key}) && ($user ne 'root at pam');
+ raise_param_exc({ $key => "Only superusers may set this option."})
+ if defined($param->{$key}) && !$is_superuser;
}
PVE::VZDump::verify_vzdump_parameters($param, 1);
--
2.30.2
More information about the pve-devel
mailing list