path => '',
method => 'GET',
description => "User index.",
+ permissions => { user => 'all' },
parameters => {
additionalProperties => 0,
properties => {
code => sub {
my ($param) = @_;
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
my $res = [];
my $usercfg = cfs_read_file("user.cfg");
foreach my $user (keys %{$usercfg->{users}}) {
- next if $user eq 'root';
-
+ # root sees all entries, a user only sees its own entry
+ next if $authuser ne 'root@pam' && $user ne $authuser;
+
my $entry = &$extract_user_data($usercfg->{users}->{$user});
if (defined($param->{enabled})) {
additionalProperties => 0,
properties => {
userid => get_standard_option('userid'),
- password => { type => 'string', optional => 1 },
+ password => { type => 'string', optional => 1, minLength => 5, maxLength => 64 },
groups => { type => 'string', optional => 1, format => 'pve-groupid-list'},
firstname => { type => 'string', optional => 1 },
lastname => { type => 'string', optional => 1 },
if $usercfg->{users}->{$username};
PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
- if $param->{password};
+ if defined($param->{password});
my $enable = defined($param->{enable}) ? $param->{enable} : 1;
$usercfg->{users}->{$username} = { enable => $enable };
additionalProperties => 0,
properties => {
userid => get_standard_option('userid'),
- password => { type => 'string', optional => 1 },
+ password => { type => 'string', optional => 1, minLength => 5, maxLength => 64 },
groups => { type => 'string', optional => 1, format => 'pve-groupid-list' },
append => {
type => 'boolean',
if !$usercfg->{users}->{$username};
PVE::AccessControl::domain_set_password($realm, $ruid, $param->{password})
- if $param->{password};
+ if defined($param->{password});
$usercfg->{users}->{$username}->{enable} = $param->{enable} if defined($param->{enable});
$usercfg->{users}->{$username}->{expire} = $param->{expire} if defined($param->{expire});
PVE::AccessControl::delete_user_group($username, $usercfg)
- if (!$param->{append} && $param->{groups});
+ if (!$param->{append} && defined($param->{groups}));
if ($param->{groups}) {
foreach my $group (split_list($param->{groups})) {