[pve-devel] applied-series: [PATCH access-control 1/2] roles: restrict Permissions.Modify to Administrator
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Jun 7 11:18:20 CEST 2023
Am 05/06/2023 um 16:21 schrieb Fabian Grünbichler:
> to reduce the chances of accidentally handing out privilege modification
> privileges. the old default setup of having Permissions.Modify in PVESysAdmin
> and PVEAdmin weakened the distinction between those roles and Administrator.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
>
> Notes:
> this is obviously a breaking change
>
> can be detected in pve7to8 if any ACLs with PVESysAdmin or PVEAdmin are
> configured, with a hint about adding a custom role if desired.
>
> src/PVE/AccessControl.pm | 5 +++--
> src/test/perm-test1.pl | 4 ++++
> src/test/perm-test8.pl | 4 ++--
> src/test/test1.cfg | 2 ++
> src/test/test8.cfg | 2 +-
> 5 files changed, 12 insertions(+), 5 deletions(-)
>
>
applied both patches, thanks!
More information about the pve-devel
mailing list