From c806176317d212653547c9fb2f8c463e9efcb751 Mon Sep 17 00:00:00 2001
From: kisfenyo <nagyfenyvesi.viktor@gmail.com>
Date: Sun, 7 Jun 2026 20:21:51 +0200
Subject: [PATCH] update

---
 docs/phase1-2-findings.md | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/docs/phase1-2-findings.md b/docs/phase1-2-findings.md
index 5a5a8cf..ff04080 100644
--- a/docs/phase1-2-findings.md
+++ b/docs/phase1-2-findings.md
@@ -284,14 +284,23 @@ $ psql SELECT * FROM restore_check -> 42 | phase2-sentinel
 
 ---
 
-## 5. Teardown (executed — see §6 for what was left)
+## 5. Teardown (executed)
 Restore targets destroyed; Phase 1 objects and spike artifacts removed; `9000`/`9001`
-left **stopped-but-present**.
+left **stopped-but-present**. Verified clean: `felhom-ctl@pve` deleted, no spike ACLs,
+empty `dump/`, `spk1` removed.
+
+> **Correction:** `pveum acl delete` **requires `--roles`** (a bare `-user`/`-token`
+> path errors `400 roles: property is missing`). In practice the explicit ACL deletes
+> are unnecessary — deleting the token/user/role **auto-invalidates** the referencing
+> ACLs (PVE logs `ignore invalid acl token …` and drops them).
 
 ```bash
-pct destroy 9002 --purge ; pct destroy 9003 --purge
-pveum acl delete /vms/9001      -user 'felhom-ctl@pve' ; pveum acl delete /vms/9001      -token 'felhom-ctl@pve!ctl'
-pveum acl delete /storage/local -user 'felhom-ctl@pve' ; pveum acl delete /storage/local -token 'felhom-ctl@pve!ctl'
+pct stop 9002 ; pct stop 9003 ; pct destroy 9002 --purge ; pct destroy 9003 --purge
+# correct ACL-delete syntax (needs --roles), or just let user/role deletion clean them:
+pveum acl delete /vms/9001      --roles FelhomSelfBackup --users  'felhom-ctl@pve'
+pveum acl delete /vms/9001      --roles FelhomSelfBackup --tokens 'felhom-ctl@pve!ctl'
+pveum acl delete /storage/local --roles FelhomSelfBackup --users  'felhom-ctl@pve'
+pveum acl delete /storage/local --roles FelhomSelfBackup --tokens 'felhom-ctl@pve!ctl'
 pveum user token remove felhom-ctl@pve ctl ; pveum user delete felhom-ctl@pve ; pveum role delete FelhomSelfBackup
 pct delsnapshot 9001 spk1
 rm -f /var/lib/vz/dump/vzdump-lxc-9001-*.tar.zst /var/lib/vz/dump/vzdump-lxc-9001-*.log