restrict vzdump cron options

modeled after the VZDump API path, but since we are
restricted to Sys.Modify users already, we only need to
restrict these three options.
Fabian Grünbichler 2016-10-17 10:14:22 +02:00 committed by Wolfgang Bumiller
parent e465d72830
commit d5489c9334


@ -233,6 +233,7 @@ __PACKAGE__->register_method({
description => "Create new vzdump backup job.",
permissions => {
check => ['perm', '/', ['Sys.Modify']],
description => "The 'tmpdir', 'dumpdir' and 'script' parameters are additionally restricted to the 'root\@pam' user.",
},
parameters => {
additionalProperties => 0,
@ -264,6 +265,11 @@ __PACKAGE__->register_method({
my $rpcenv = PVE::RPCEnvironment::get();
my $user = $rpcenv->get_user();
foreach my $key (qw(tmpdir dumpdir script)) {
raise_param_exc({ $key => "Only root may set this option."})
if defined($param->{$key}) && ($user ne 'root@pam');
}
my $data = cfs_read_file('vzdump.cron');
$param->{dow} = 'mon,tue,wed,thu,fri,sat,sun' if !defined($param->{dow});
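Review bot: The `root@pam` guard for `tmpdir`, `dumpdir` and `script` is added only to the handler described as "Create new vzdump backup job."; any other handler in this file that writes the same parameters into `vzdump.cron` (an update path, if one exists) needs the identical check, or a non-root Sys.Modify user could still set them on an existing job. No such handler is visible on this page, so this should be confirmed against the full file. If there is one, moving the `foreach my $key (qw(tmpdir dumpdir script))` loop into one shared private sub called from each handler keeps the paths from drifting apart. A short comment above the loop would also help, for example `# root-only: these options choose the paths and hook script used by the scheduled backup (same rule as the VZDump API path)`, assuming that is the reason for the restriction. The enclosing code sub starts and ends outside the hunk.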