I have a question about a product feature.
There are non-root restrictions on the execution rights of the Proxmox CLI? I have found nothing in this regard in the wiki or iNet.
I've added an additional user 'jenkins' for automation, written in the WIKI. This remote login should not be 'root' just because the login is done without entering a password via preshared keys.
Since the CLI command 'qm' but is in '/usr/sbin', it needs sudoers rights.
1) First idea:
Configuration via '/etc/sudoers' with this line:
This means that users of the group 'jenkins' allowed to execute the command '/usr/sbin/qm' without entering the password.
But there is not this file. Is this type of configuration is not provided?
2) Second Idea: temporary workaound
If it does not work without root privileges, then jenkins to group 'root' to add.
Nevertheless, the execution of the command 'qm' is denied.
jenkins@testbed:~$ /usr/sbin/qm --help
please run as root
But I actually have this permission as member of root group.:(
If it should be relevant: In Proxmox VE Web-GUI is this user 'jenkins' member of group 'jenkins' with group role 'Administrator'.
Hence the question: work commands the CLI exclusively with the root account?
Thx for answers,
Gordon
There are non-root restrictions on the execution rights of the Proxmox CLI? I have found nothing in this regard in the wiki or iNet.
I've added an additional user 'jenkins' for automation, written in the WIKI. This remote login should not be 'root' just because the login is done without entering a password via preshared keys.
Since the CLI command 'qm' but is in '/usr/sbin', it needs sudoers rights.
1) First idea:
Configuration via '/etc/sudoers' with this line:
%jenkins ALL = NOPASSWD: /usr/sbin/qm
This means that users of the group 'jenkins' allowed to execute the command '/usr/sbin/qm' without entering the password.
But there is not this file. Is this type of configuration is not provided?
2) Second Idea: temporary workaound
If it does not work without root privileges, then jenkins to group 'root' to add.
Nevertheless, the execution of the command 'qm' is denied.
jenkins@testbed:~$ /usr/sbin/qm --help
please run as root
But I actually have this permission as member of root group.:(
If it should be relevant: In Proxmox VE Web-GUI is this user 'jenkins' member of group 'jenkins' with group role 'Administrator'.
Hence the question: work commands the CLI exclusively with the root account?
Thx for answers,
Gordon