Command Line Tool
Most users will simply use the GUI to manage users. But there is also a full featured command line tool called pveum (short for “Proxmox VE User Manager”). Please note that all Proxmox VE command line tools are wrappers around the API, so you can also access those function through the REST API.
Here are some simple usage examples. To show help type:
or (to show detailed help about a specific command)
pveum help useradd
Create a new user:
pveum useradd testuser@pve -comment "Just a test"
Set or Change the password (not all realms support that):
pveum passwd testuser@pve
Disable a user:
pveum usermod testuser@pve -enable 0
Create a new group:
pveum groupadd testgroup
Create a new role:
pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"
Real World Examples
One of the most wanted features was the ability to define a group of users with full administrator rights (without using the root account).
Define the group:
pveum groupadd admin -comment "System Administrators"
Then add the permission:
pveum aclmod / -group admin -role Administrator
You can finally add users to the new admin group:
pveum usermod testuser@pve -group admin
You can give read only access to users by assigning the PVEAuditor role to users or groups.
Example1: Allow user joe@pve to see everything
pveum aclmod / -user joe@pve -role PVEAuditor
Example1: Allow user joe@pve to see all virtual machines
pveum aclmod /vms -user joe@pve -role PVEAuditor
Delegate User Management
If you want to delegate user management to user joe@pve you can do that with:
pveum aclmod /access -user joe@pve -role PVEUserAdmin
User joe@pve can now add and remove users, change passwords and other user attributes. This is a very powerful role, and you most likely want to limit that to selected realms and groups. The following example allows joe@pve to modify users within realm pve if they are members of group customers:
pveum aclmod /access/realm/pve -user joe@pve -role PVEUserAdmin pveum aclmod /access/groups/customers -user joe@pve -role PVEUserAdmin