pveum
Manage Proxmox users, groups, and realms
TLDR
List users
Add a user
Delete a user
SYNOPSIS
pveum command [options...]
Examples:
pveum user list
pveum group add mygroup
pveum acl modify /vms/101 -user user@realm -role VMViewer
PARAMETERS
user
Manages user accounts within Proxmox VE, including adding, modifying, deleting, and listing users and their properties (e.g., email, expiration).
group
Manages user groups in Proxmox VE, allowing administrators to create, modify, or delete groups and assign users to them for simplified permission management.
realm
Configures authentication realms, which define how users authenticate to Proxmox VE. Supported realms include PVE's internal database, PAM (for local system users), and external sources like LDAP or Active Directory.
acl
Manages Access Control List (ACL) entries, which define specific permissions for users or groups on particular Proxmox VE objects (e.g., virtual machines, storage, nodes).
role
Manages roles, which are collections of privileges that can be assigned to users or groups. Proxmox VE provides default roles, and pveum allows for defining custom roles with specific sets of permissions.
DESCRIPTION
pveum is a powerful command-line utility essential for administering user accounts, groups, roles, and access permissions within a Proxmox Virtual Environment (PVE) cluster. It provides the necessary tools for system administrators to control who can access and manage virtual machines, containers, storage, and other PVE resources. Through pveum, users can be created, modified, or deleted; assigned to groups; and linked to various authentication realms like PAM, LDAP, or Proxmox's internal database. The utility is fundamental for configuring Access Control Lists (ACLs) and defining custom roles, enabling granular control over user privileges. This ensures a secure and well-managed multi-user or multi-tenant virtualization environment, allowing for precise control over resource access and administrative actions. It serves as a vital tool for scripting and automating user management tasks.
CAVEATS
pveum is specific to Proxmox Virtual Environment and is not a standard Linux command on general-purpose distributions. It requires administrative privileges on a Proxmox VE host. Incorrect usage can lead to unintended access changes or security vulnerabilities within the PVE cluster.
ACCESS CONTROL MODEL
Proxmox VE combines Role-Based Access Control (RBAC) with Access Control Lists (ACLs). A role is a named set of privileges. An ACL entry then grants a role to a user or group on a particular object path (e.g., VMs, storage, nodes) within the PVE hierarchy. pveum is the primary command-line tool for configuring this granular access control system.
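The following audit of ACL entries for over-broad grants is an added example, not part of the original page or of Proxmox's own tooling. It assumes the entries were exported with `pveum acl list --output-format json` and carry the fields path, propagate, roleid, type and ugid; the sample data is constructed, and the BROAD_ROLES set and the path-depth rule are illustrative policy choices.

```python
import json

# Constructed sample shaped like `pveum acl list --output-format json`
# (field names path, propagate, roleid, type, ugid are an assumption).
SAMPLE_ACL_JSON = """
[
  {"path": "/", "propagate": 1, "roleid": "Administrator", "type": "group", "ugid": "admins"},
  {"path": "/", "propagate": 1, "roleid": "PVEAdmin", "type": "user", "ugid": "alice@pve"},
  {"path": "/vms/101", "propagate": 0, "roleid": "VMViewer", "type": "user", "ugid": "user@realm"},
  {"path": "/vms", "propagate": 1, "roleid": "PVEVMAdmin", "type": "token", "ugid": "ci@pve!deploy"},
  {"path": "/storage/local", "propagate": 1, "roleid": "NoAccess", "type": "user", "ugid": "bob@ldap"}
]
"""

# Built-in roles that carry management privileges; adjust to local policy.
BROAD_ROLES = {"Administrator", "PVEAdmin", "PVEVMAdmin",
               "PVEDatastoreAdmin", "PVEUserAdmin", "PVESysAdmin"}

def audit_acl(entries):
    """Return (ugid, path, roleid, reasons) for each entry worth reviewing."""
    findings = []
    for e in entries:
        path = e["path"]
        propagate = bool(int(e.get("propagate", 1)))
        # Depth 0 is "/", depth 1 is a whole subtree such as "/vms".
        depth = len([part for part in path.split("/") if part])
        broad = e["roleid"] in BROAD_ROLES
        reasons = []
        if broad and propagate and depth <= 1:
            reasons.append("broad role propagates from a top-level path")
        if broad and e["type"] == "user":
            reasons.append("broad role bound to a single user instead of a group")
        if e["type"] == "token" and propagate and depth <= 1:
            reasons.append("API token inherits access to every object below")
        if reasons:
            findings.append((e["ugid"], path, e["roleid"], reasons))
    return findings

def main():
    for ugid, path, role, reasons in audit_acl(json.loads(SAMPLE_ACL_JSON)):
        print(f"{ugid}: {role} on {path}: " + "; ".join(reasons))

if __name__ == "__main__":
    main()
```

Entries scoped to a single object without propagation, such as the /vms/101 grant from the synopsis, pass the audit untouched.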
AUTHENTICATION REALMS
Through pveum realm, administrators can configure various methods for user authentication. These include the PVE internal user database, PAM (for integration with local system users), and external directories such as LDAP or Microsoft Active Directory. This flexibility allows Proxmox VE to integrate seamlessly into existing IT infrastructures and leverage centralized user management systems.
HISTORY
pveum is an integral component of Proxmox Virtual Environment, an open-source server virtualization management solution first released in 2007. Its development has closely paralleled the evolution of Proxmox VE, driven by the increasing need for robust, centralized user and permission management in clustered virtualization environments. It provides a powerful command-line alternative to the web GUI for user and access management, facilitating scripting and automation of administrative tasks.