[pve-devel] applied-series: [PATCH access-control 1/2] roles: restrict Permissions.Modify to Administrator

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Jun 7 11:18:20 CEST 2023


Am 05/06/2023 um 16:21 schrieb Fabian Grünbichler:
> to reduce the chances of accidentally handing out privilege modification
> privileges. the old default setup of having Permissions.Modify in PVESysAdmin
> and PVEAdmin weakened the distinction between those roles and Administrator.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> 
> Notes:
>     this is obviously a breaking change
>     
>     can be detected in pve7to8 if any ACLs with PVESysAdmin or PVEAdmin are
>     configured, with a hint about adding a custom role if desired.
> 
>  src/PVE/AccessControl.pm | 5 +++--
>  src/test/perm-test1.pl   | 4 ++++
>  src/test/perm-test8.pl   | 4 ++--
>  src/test/test1.cfg       | 2 ++
>  src/test/test8.cfg       | 2 +-
>  5 files changed, 12 insertions(+), 5 deletions(-)
> 
>

applied both patches, thanks!





More information about the pve-devel mailing list