pveum <COMMAND> [ARGS] [OPTIONS]
pveum acl delete <path> --roles <string>
[OPTIONS]
Update Access Control List (add or remove permissions).
<path>
: <string>
--groups
<string>
--propagate
<boolean>
(default = 1
)
--roles
<string>
--tokens
<string>
--users
<string>
pveum acl list [FORMAT_OPTIONS]
Get Access Control List (ACLs).
pveum acl modify <path> --roles <string>
[OPTIONS]
Update Access Control List (add or remove permissions).
<path>
: <string>
--groups
<string>
--propagate
<boolean>
(default = 1
)
--roles
<string>
--tokens
<string>
--users
<string>
pveum acldel
An alias for pveum acl delete.
pveum aclmod
An alias for pveum acl modify.
pveum group add <groupid>
[OPTIONS]
Create new group.
<groupid>
: <string>
--comment
<string>
pveum group delete <groupid>
Delete group.
<groupid>
: <string>
pveum group list [FORMAT_OPTIONS]
Group index.
pveum group modify <groupid>
[OPTIONS]
Update group data.
<groupid>
: <string>
--comment
<string>
pveum groupadd
An alias for pveum group add.
pveum groupdel
An alias for pveum group delete.
pveum groupmod
An alias for pveum group modify.
pveum help [OPTIONS]
Get help about specified command.
--extra-args
<array>
--verbose
<boolean>
pveum passwd <userid>
Change user password.
<userid>
: <string>
pveum pool add <poolid>
[OPTIONS]
Create new pool.
<poolid>
: <string>
--comment
<string>
pveum pool delete <poolid>
Delete pool.
<poolid>
: <string>
pveum pool list [FORMAT_OPTIONS]
Pool index.
pveum pool modify <poolid>
[OPTIONS]
Update pool data.
<poolid>
: <string>
--comment
<string>
--delete
<boolean>
--storage
<string>
--vms
<string>
pveum realm add <realm> --type <string>
[OPTIONS]
Add an authentication server.
<realm>
: <string>
--autocreate
<boolean>
(default = 0
)
--base_dn
\w+=[^,]+(,\s*\w+=[^,]+)*
--bind_dn
\w+=[^,]+(,\s*\w+=[^,]+)*
--capath
<string>
(default = /etc/ssl/certs
)
--case-sensitive
<boolean>
(default = 1
)
--cert
<string>
--certkey
<string>
--client-id
<string>
--client-key
<string>
--comment
<string>
--default
<boolean>
--domain
\S+
--filter
<string>
--group_classes
<string>
(default = groupOfNames, group, univentionGroup, ipausergroup
)
--group_dn
\w+=[^,]+(,\s*\w+=[^,]+)*
--group_filter
<string>
--group_name_attr
<string>
--issuer-url
<string>
--mode
<ldap | ldap+starttls | ldaps>
(default = ldap
)
--password
<string>
--port
<integer> (1 - 65535)
--secure
<boolean>
--server1
<string>
--server2
<string>
--sslversion
<tlsv1 | tlsv1_1 | tlsv1_2 | tlsv1_3>
--sync-defaults-options
[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,scope=<users|groups|both>]
--sync_attributes
\w+=[^,]+(,\s*\w+=[^,]+)*
--tfa
type=<TFATYPE> [,digits=<COUNT>] [,id=<ID>] [,key=<KEY>] [,step=<SECONDS>] [,url=<URL>]
--type
<ad | ldap | openid | pam | pve>
--user_attr
\S{2,}
--user_classes
<string>
(default = inetorgperson, posixaccount, person, user
)
--username-claim
<email | subject | username>
--verify
<boolean>
(default = 0
)
pveum realm delete <realm>
Delete an authentication server.
<realm>
: <string>
pveum realm list [FORMAT_OPTIONS]
Authentication domain index.
pveum realm modify <realm>
[OPTIONS]
Update authentication server settings.
<realm>
: <string>
--autocreate
<boolean>
(default = 0
)
--base_dn
\w+=[^,]+(,\s*\w+=[^,]+)*
--bind_dn
\w+=[^,]+(,\s*\w+=[^,]+)*
--capath
<string>
(default = /etc/ssl/certs
)
--case-sensitive
<boolean>
(default = 1
)
--cert
<string>
--certkey
<string>
--client-id
<string>
--client-key
<string>
--comment
<string>
--default
<boolean>
--delete
<string>
--digest
<string>
--domain
\S+
--filter
<string>
--group_classes
<string>
(default = groupOfNames, group, univentionGroup, ipausergroup
)
--group_dn
\w+=[^,]+(,\s*\w+=[^,]+)*
--group_filter
<string>
--group_name_attr
<string>
--issuer-url
<string>
--mode
<ldap | ldap+starttls | ldaps>
(default = ldap
)
--password
<string>
--port
<integer> (1 - 65535)
--secure
<boolean>
--server1
<string>
--server2
<string>
--sslversion
<tlsv1 | tlsv1_1 | tlsv1_2 | tlsv1_3>
--sync-defaults-options
[enable-new=<1|0>] [,full=<1|0>] [,purge=<1|0>] [,scope=<users|groups|both>]
--sync_attributes
\w+=[^,]+(,\s*\w+=[^,]+)*
--tfa
type=<TFATYPE> [,digits=<COUNT>] [,id=<ID>] [,key=<KEY>] [,step=<SECONDS>] [,url=<URL>]
--user_attr
\S{2,}
--user_classes
<string>
(default = inetorgperson, posixaccount, person, user
)
--verify
<boolean>
(default = 0
)
pveum realm sync <realm>
[OPTIONS]
Syncs users and/or groups from the configured LDAP to user.cfg. NOTE: Synced groups will have the name name-$realm, so make sure those groups do not exist to prevent overwriting.
<realm>
: <string>
--dry-run
<boolean>
(default = 0
)
--enable-new
<boolean>
(default = 1
)
--full
<boolean>
--purge
<boolean>
--scope
<both | groups | users>
pveum role add <roleid>
[OPTIONS]
Create new role.
<roleid>
: <string>
--privs
<string>
pveum role delete <roleid>
Delete role.
<roleid>
: <string>
pveum role list [FORMAT_OPTIONS]
Role index.
pveum role modify <roleid>
[OPTIONS]
Update an existing role.
<roleid>
: <string>
--append
<boolean>
no description available
Requires option(s): privs
--privs
<string>
pveum roleadd
An alias for pveum role add.
pveum roledel
An alias for pveum role delete.
pveum rolemod
An alias for pveum role modify.
pveum ticket <username>
[OPTIONS]
Create or verify authentication ticket.
<username>
: <string>
--new-format
<boolean>
(default = 0
)
--otp
<string>
--path
<string>
Verify ticket, and check if user have access privs on path
Requires option(s): privs
--privs
<string>
Verify ticket, and check if user have access privs on path
Requires option(s): path
--realm
<string>
--tfa-challenge
<string>
pveum user add <userid>
[OPTIONS]
Create new user.
<userid>
: <string>
--comment
<string>
--email
<string>
--enable
<boolean>
(default = 1
)
--expire
<integer> (0 - N)
--firstname
<string>
--groups
<string>
--keys
<string>
--lastname
<string>
--password
<string>
pveum user delete <userid>
Delete user.
<userid>
: <string>
pveum user list [OPTIONS]
[FORMAT_OPTIONS]
User index.
--enabled
<boolean>
--full
<boolean>
(default = 0
)
pveum user modify <userid>
[OPTIONS]
Update user configuration.
<userid>
: <string>
--append
<boolean>
no description available
Requires option(s): groups
--comment
<string>
--email
<string>
--enable
<boolean>
(default = 1
)
--expire
<integer> (0 - N)
--firstname
<string>
--groups
<string>
--keys
<string>
--lastname
<string>
pveum user permissions [<userid>]
[OPTIONS]
[FORMAT_OPTIONS]
Retrieve effective permissions of given user/token.
<userid>
: (?^:^(?^:[^\s:/]+)\@(?^:[A-Za-z][A-Za-z0-9\.\-_]+)(?:!(?^:[A-Za-z][A-Za-z0-9\.\-_]+))?$)
--path
<string>
pveum user tfa delete <userid>
[OPTIONS]
Delete TFA entries from a user.
<userid>
: <string>
--id
<string>
pveum user token add <userid> <tokenid>
[OPTIONS]
[FORMAT_OPTIONS]
Generate a new API token for a specific user. NOTE: returns API token value, which needs to be stored as it cannot be retrieved afterwards!
<userid>
: <string>
<tokenid>
: (?^:[A-Za-z][A-Za-z0-9\.\-_]+)
--comment
<string>
--expire
<integer> (0 - N)
(default = same as user
)
--privsep
<boolean>
(default = 1
)
pveum user token list <userid>
[FORMAT_OPTIONS]
Get user API tokens.
<userid>
: <string>
pveum user token modify <userid> <tokenid>
[OPTIONS]
[FORMAT_OPTIONS]
Update API token for a specific user.
<userid>
: <string>
<tokenid>
: (?^:[A-Za-z][A-Za-z0-9\.\-_]+)
--comment
<string>
--expire
<integer> (0 - N)
(default = same as user
)
--privsep
<boolean>
(default = 1
)
pveum user token permissions <userid> <tokenid>
[OPTIONS]
[FORMAT_OPTIONS]
Retrieve effective permissions of given token.
<userid>
: <string>
<tokenid>
: (?^:[A-Za-z][A-Za-z0-9\.\-_]+)
--path
<string>
pveum user token remove <userid> <tokenid>
[FORMAT_OPTIONS]
Remove API token for a specific user.
<userid>
: <string>
<tokenid>
: (?^:[A-Za-z][A-Za-z0-9\.\-_]+)
pveum useradd
An alias for pveum user add.
pveum userdel
An alias for pveum user delete.
pveum usermod
An alias for pveum user modify.