do not allow to change system user passwords

[pve-access-control.git] / PVE / API2 / AccessControl.pm

diff --git a/PVE/API2/AccessControl.pm b/PVE/API2/AccessControl.pm
index 58d93dd4fe9997462db7078b3aa5b7243e8df1d7..0ef31fa2068a70c0349fd7d1222dea96505f0367 100644 (file)
--- a/PVE/API2/AccessControl.pm
+++ b/PVE/API2/AccessControl.pm
@@ -15,7 +15,6 @@ use PVE::API2::User;
 use PVE::API2::Group;
 use PVE::API2::Role;
 use PVE::API2::ACL;
-use PVE::API2::Pool;
 
 use base qw(PVE::RESTHandler);
 
@@ -44,11 +43,6 @@ __PACKAGE__->register_method ({
     path => 'domains',
 });
 
-__PACKAGE__->register_method ({
-    subclass => "PVE::API2::Pool",  
-    path => 'pools',
-});
-
 __PACKAGE__->register_method ({
     name => 'index', 
     path => '', 
@@ -266,6 +260,8 @@ __PACKAGE__->register_method ({
            } else {
                # only root may change root password
                raise_perm_exc() if $userid eq 'root@pam';
+               # do not allow to change system user passwords
+               raise_perm_exc() if $realm eq 'pam';
            }
        }