[pve-devel] Bug 2582 roadmap

[Thomas Lamprecht]

Hello,

Am 20/09/2024 um 14:32 schrieb Pavel Tide:
> 1) Connect via SSH to the PVE node and deploy a helper virtual machine (so that users don't have to do it manually)
> 2) Access the Proxmox VE API to perform other backup-related tasks (those that cannot be done via SSH)
> 
> In item #1 - the new VM deployment involved usage of root/sudo.
> 
> In item #2 - certain tasks that are performed via API also require root/sudo. We have managed to move those to the SSH part of the workflow, so now users can use one non-root account to perform all necessary operations (instead of using root or having to use two separate accounts).
> 
> We think that in future there might be a situation where we might need a superuser level of privileges while accessing the API, and there will be no workaround to move the operation to the SSH part of the workflow. This will result in forcing our joint users to use 'root' account again, which they hate to do and also deem as an not secure practice.

Which situations/API calls would that be? It would be definitively
helpful to get specifics here, as otherwise it's hard to help and also a
bit hard to tell for sure if the Sys.Root privilege feature request
would even help here.
As that privilege would only allow current root-only API calls to be
used by non-root admin accounts, but it would not allow the account to
gain root access on the system just by having that privilege.

In general, I think it would be better to do less, not more, stuff
manually in the long term and rather check out the in-development
external backup provider API [0], as that would allow easier and safer
access to VM and CT data while integrating better with the existing PVE
stack, ideally reducing the potential for fallout on either site.

[0]: https://lore.proxmox.com/pve-devel/20240813132829.117460-1-f.ebner@proxmox.com/

- Thomas