api: mark batch-execute api calls root-only

This is weird and buggy and breaches the unpriv./priv. separation of
our api daemons, so root-only for now and possibly removal soon.

note that this had several limitations already anyway, like running
in sync context and thus failing after 30s.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
index e642ab4f4031d065ae43b49c1726f7a8dbac6bb6..9269694d6a28627e3396300c0aaeef87ce284a0c 100644 (file)
--- a/PVE/API2/Nodes.pm
+++ b/PVE/API2/Nodes.pm
@@ -464,10 +464,7 @@ __PACKAGE__->register_method({
     name => 'execute',
     path => 'execute',
     method => 'POST',
-    permissions => {
-       check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
-    },
-    description => "Execute multiple commands in order.",
+    description => "Execute multiple commands in order, root only.",
     proxyto => 'node',
     protected => 1, # avoid problems with proxy code
     parameters => {