On 14/06/2023 at 12:42, Fabian Grünbichler wrote:
> instead, fallback to a plain login shell if the current user is not already
> root. both current custom commands are effectively a root shell, so it's not
> possible to allow them for regular users.
>
> note that the non-login commands via xtermjs already had the fallback behaviour
> (i.e., no check for $param->{cmd}) previous to this commit, it was just not
> exposed via our web UI, since the corresponding button/wizard was only enabled
> for root@pam.
>
> Signed-off-by: Fabian Grünbichler <[email protected]>
> ---
>
> Notes:
> RFC because for a nice UX we probably want to somehow display or inject the
> command that should be executed once the user is (effectively) root in the
> console, instead of just opening a login prompt without any indication what the
> user should do with it..
>
> some possible options/suggestions offered so far:
> - let the API return the command in case of fallback, let the UI display it
> -- probably would work best if upgrade is converted to an inline xtermjs
>    console, since that supports copy+paste
> - pass FAKE_SHELL to login, point it at a shell wrapper that echoes a note with
>   the command and then executes the real shell
> - pass FAKE_SHELL to login, point it at a wrapper that runs the command (or the
>   command with sudo, in case the logged in console user is not root) with the
>   user's real shell

That one I like best, as IMO user convenience is more important here,
and if they could successfully log in, it should work just like if they
are root@pam from the beginning; avoiding any copy-paste errors, that
could even result in more harm than good.

We do not depend on `sudo` though, so calling that needs to check if
it's installed. Maybe enforcing the root username would make sense, or
at least a short hint in the UI that they need to log in as root to
continue.
_______________________________________________
pve-devel mailing list
[email protected]
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
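
One way the wrapper option discussed in this thread could look, including the check for whether `sudo` is installed. This is an added example, not code from the patch or from Proxmox; the `WRAPPED_CMD` and `REAL_SHELL` variables and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper of the kind FAKE_SHELL could point at (added example).
# Assumed inputs, not Proxmox names:
#   WRAPPED_CMD  command the console is meant to run, set by the trusted caller
#   REAL_SHELL   the logged-in user's real shell

# Print the path of sudo, or nothing when it is not installed.
find_sudo() {
    command -v sudo 2>/dev/null || true
}

# Decide how the command can be run.
#   $1 = numeric uid of the logged-in console user
#   $2 = path to sudo (empty when not installed)
# Prints exactly one of: direct, sudo, hint
choose_mode() {
    uid=$1
    sudo_path=$2
    if [ "$uid" -eq 0 ]; then
        echo direct      # already root: run the command as-is
    elif [ -n "$sudo_path" ] && [ -x "$sudo_path" ]; then
        echo sudo        # not root, sudo present: let sudo authorize it
    else
        echo hint        # not root, no sudo: only tell the user what to do
    fi
}

# Entry point; not invoked at load time so the file can be sourced and tested.
run_wrapped() {
    real_shell=${REAL_SHELL:-/bin/sh}
    cmd=${WRAPPED_CMD:?WRAPPED_CMD not set}
    sudo_path=$(find_sudo)
    case $(choose_mode "$(id -u)" "$sudo_path") in
        direct) exec "$real_shell" -c "$cmd" ;;
        sudo)   exec "$sudo_path" -- "$real_shell" -c "$cmd" ;;
        hint)
            echo "Not root and sudo is not installed." >&2
            echo "Log in as root to run: $cmd" >&2
            exec "$real_shell" -l ;;
    esac
}

# A real wrapper script would end with:  run_wrapped
```

The command string must come only from the trusted caller, never from the console user, since it is handed to a shell that may run as root.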