Such users are supposed to be administrators of the storage, but
previously, access to backups was not allowed when not also having
VM.Backup.
Suggested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
my ($sid, $volname) = parse_volume_id($volid, 1);
if ($sid) {
my ($sid, $volname) = parse_volume_id($volid, 1);
if ($sid) {
+ return if $rpcenv->check($user, "/storage/$sid", ['Datastore.Allocate'], 1);
+
my ($vtype, undef, $ownervm) = parse_volname($cfg, $volid);
if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
# require at least read access to storage, (custom) templates/ISOs could be sensitive
my ($vtype, undef, $ownervm) = parse_volname($cfg, $volid);
if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
# require at least read access to storage, (custom) templates/ISOs could be sensitive
$rpcenv->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
$rpcenv->check($user, "/vms/$ownervm", ['VM.Backup']);
} else {
$rpcenv->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
$rpcenv->check($user, "/vms/$ownervm", ['VM.Backup']);
} else {
- # allow if we are Datastore administrator
- $rpcenv->check($user, "/storage/$sid", ['Datastore.Allocate']);
+ die "missing privileges to access $volid\n";
}
} else {
die "Only root can pass arbitrary filesystem paths."
}
} else {
die "Only root can pass arbitrary filesystem paths."