path => '',
method => 'POST',
description => "Create backup.",
+ permissions => {
+ description => "The user needs VM.Backup permissions on any VM.",
+ user => 'all',
+ },
protected => 1,
proxyto => 'node',
parameters => {
die "you can only backup a single VM with option --stdout\n"
if $param->{stdout} && scalar(@vmids) != 1;
+ foreach my $key (qw(maxfiles tmpdir dumpdir script size bwlimit ionice)) {
+ raise_param_exc({ $key => "Only root may set this option."})
+ if defined($param->{$key}) && ($user ne 'root@pam');
+ }
+
my $vzdump = PVE::VZDump->new($cmdline, $param, $skiplist);
my $worker = sub {
PVE::VZDump::run_command(undef, "ionice -c2 -n$param->{ionice} -p $$");
}
}
- $vzdump->exec_backup();
+ $vzdump->exec_backup($rpcenv, $user);
};
open STDOUT, '>/dev/null' if $param->{quiet} && !$param->{stdout};
use IPC::Open3;
use POSIX qw(strftime);
use File::Path;
+use PVE::RPCEnvironment;
use PVE::Storage;
use PVE::Cluster qw(cfs_read_file);
use PVE::VZDump::OpenVZ;
}
sub exec_backup {
- my ($self) = @_;
+ my ($rpcenv, $authuser, $self) = @_;
my $opts = $self->{opts};
my $vmlist = $plugin->vmlist();
foreach my $vmid (sort @$vmlist) {
next if grep { $_ eq $vmid } @{$opts->{exclude}};
+ next if !$rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Backup' ], 1);
push @$tasklist, { vmid => $vmid, state => 'todo', plugin => $plugin };
}
}
last;
}
}
+ $rpcenv->check($authuser, "/vms/$vmid", [ 'VM.Backup' ]);
push @$tasklist, { vmid => $vmid, state => 'todo', plugin => $plugin };
}
}