[pve-devel] [PATCH #1752 pve-manager 1/1] [PATCH #1752 pve-manager] Impl basic wake on LAN
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Jan 15 19:21:13 CET 2019
On 1/14/19 5:04 PM, Dietmar Maurer wrote:
>> + permissions => {
>> + check => ['perm', '/nodes/{node}', [ 'Sys.PowerMgmt' ]],
>> + },
>
> You can wake up and Host in the network? If so, we may want to
> restrict that too:
>
> check => ['perm', '/nodes/', [ 'Sys.PowerMgmt' ]],
>
No, this does not gets proxied to the {node}, or better said: it should not,
Christian wrongly set the "proxyto" in his first iteration of the patch.
The {node} in the API path is actually the target node for the wakeonlan
operation, which the node you are connected and authenticated too triggers.
So if you have permission to power-manage {node} it is correct (if, as in the
v2, the proxyto is removed /set to 0).
This could be a bit weird to see, Fabian mentioned that too. so maybe we
want to move the API path to /cluster and have an permission check inside.
> Not sure about that...
More information about the pve-devel
mailing list