Proxmox User Management- Proxmox VE authentication server

Command Line Tool

Most users will simply use the GUI to manage users. But there is also a full featured command line tool called pveum (short for “Proxmox VE User Manager”). Please note that all Proxmox VE command line tools are wrappers around the API, so you can also access those function through the REST API.
Here are some simple usage examples. To show help type:


or (to show detailed help about a specific command)

pveum help useradd

Create a new user:

pveum useradd testuser@pve -comment "Just a test"

Set or Change the password (not all realms support that):

pveum passwd testuser@pve

Disable a user:

pveum usermod testuser@pve -enable 0

Create a new group:

pveum groupadd testgroup

Create a new role:

pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"

Real World Examples

Administrator Group
One of the most wanted features was the ability to define a group of users with full administrator rights (without using the root account).

Define the group:

pveum groupadd admin -comment "System Administrators"

Then add the permission:

pveum aclmod / -group admin -role Administrator

You can finally add users to the new admin group:

pveum usermod testuser@pve -group admin


You can give read only access to users by assigning the PVEAuditor role to users or groups.

Example1: Allow user joe@pve to see everything

pveum aclmod / -user joe@pve -role PVEAuditor

Example1: Allow user joe@pve to see all virtual machines

pveum aclmod /vms -user joe@pve -role PVEAuditor

Delegate User Management
If you want to delegate user management to user joe@pve you can do that with:

pveum aclmod /access -user joe@pve -role PVEUserAdmin

User joe@pve can now add and remove users, change passwords and other user attributes. This is a very powerful role, and you most likely want to limit that to selected realms and groups. The following example allows joe@pve to modify users within realm pve if they are members of group customers:

pveum aclmod /access/realm/pve -user joe@pve -role PVEUserAdmin
pveum aclmod /access/groups/customers -user joe@pve -role PVEUserAdmin

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.