fix acl group name parser

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 86c15fdf1b4d16b0b2c6b39c856796ef425621a4..44813a7b04180a95753b85af1444930333bdd5c4 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -548,12 +548,20 @@ my $privgroups = {
     VM => {
        root => [],
        admin => [           
-           'VM.Modify', 
+           'VM.Config.Disk', 
+           'VM.Config.CDROM', # change CDROM media
+           'VM.Config.CPU', 
+           'VM.Config.Memory', 
+           'VM.Config.Network', 
+           'VM.Config.HWType',
+           'VM.Config.Options', # covers all other things 
            'VM.Allocate', 
            'VM.Migrate',
+           'VM.Monitor', 
        ],
        user => [
            'VM.Console', 
+           'VM.Backup',
            'VM.PowerMgmt',
        ],
        audit => [ 
@@ -579,6 +587,7 @@ my $privgroups = {
        root => [],
        admin => [
            'Datastore.Allocate',
+           'Datastore.AllocateTemplate',
        ],
        user => [
            'Datastore.AllocateSpace',
@@ -929,7 +938,7 @@ sub parse_user_config {
                    }
 
                    foreach my $ug (split_list($uglist)) {
-                       if ($ug =~ m/^@(\w+)$/) {
+                       if ($ug =~ m/^@(\S+)$/) {
                            my $group = $1;
                            if ($cfg->{groups}->{$group}) { # group exists 
                                $cfg->{acl}->{$path}->{groups}->{$group}->{$role} = $propagate;