Repository: karaf Updated Branches: refs/heads/master 025b6fb44 -> 09d47ba57
[KARAF-4065] Provide default ACL files in distributions Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/09d47ba5 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/09d47ba5 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/09d47ba5 Branch: refs/heads/master Commit: 09d47ba575fcf033c476b0f5c5ca1b1575642210 Parents: 025b6fb Author: Jean-Baptiste Onofré <[email protected]> Authored: Tue Nov 3 14:13:01 2015 +0100 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Tue Nov 3 14:13:01 2015 +0100 ---------------------------------------------------------------------- .../resources/etc/jmx.acl.java.lang.Memory.cfg | 25 +++++++++ .../etc/jmx.acl.org.apache.karaf.bundle.cfg | 40 +++++++++++++++ .../etc/jmx.acl.org.apache.karaf.config.cfg | 52 +++++++++++++++++++ .../jmx.acl.org.apache.karaf.security.jmx.cfg | 27 ++++++++++ .../etc/jmx.acl.osgi.compendium.cm.cfg | 53 ++++++++++++++++++++ .../etc/org.apache.karaf.command.acl.bundle.cfg | 44 ++++++++++++++++ .../etc/org.apache.karaf.command.acl.config.cfg | 45 +++++++++++++++++ .../org.apache.karaf.command.acl.feature.cfg | 27 ++++++++++ .../etc/org.apache.karaf.command.acl.jaas.cfg | 27 ++++++++++ .../etc/org.apache.karaf.command.acl.kar.cfg | 27 ++++++++++ ...rg.apache.karaf.command.acl.scope_bundle.cfg | 31 ++++++++++++ .../etc/org.apache.karaf.command.acl.shell.cfg | 29 +++++++++++ .../etc/org.apache.karaf.command.acl.system.cfg | 53 ++++++++++++++++++++ 13 files changed, 480 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg new file mode 100644 index 0000000..a58bcf5 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg @@ -0,0 +1,25 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# JMX ACL specific to the java.lang.Memory MBean +# +# For a description of the format of this file, see jmx.acl.cfg +# +gc = manager http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg new file mode 100644 index 0000000..dd318d8 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg @@ -0,0 +1,40 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# JMX ACL specific to the org.apache.karaf:type=bundle,name=* MBean which maps to the Karaf MBean +# to control OSGi bundles. +# +# For a description of the format of this file, see jmx.acl.cfg +# +install = manager +refresh = manager +resolve = manager +restart = manager +setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin +setStartLevel = manager +start(java.lang.String)[/([1-4])?[0-9]/] = admin +start = manager +stop(java.lang.String)[/([1-4])?[0-9]/] = admin +stop = manager +uninstall(java.lang.String)["0"] = #this is a comment, no roles can perform this operation +uninstall = admin +update(java.lang.String)[/([1-4])?[0-9]/] = admin +update(java.lang.String,java.lang.String)[/([1-4])?[0-9]/,/.*/] = admin +update = manager \ No newline at end of file http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg new file mode 100644 index 0000000..a597112 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg @@ -0,0 +1,52 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# JMX ACL specific to the org.apache.karaf:type=config,name=* MBean which maps to the Karaf MBean to interact with the +# OSGi Config Admin service. +# +# For a description of the format of this file, see jmx.acl.cfg +# +# By default, only an admin can make changes to the JMX ACL and shell command rules, but managers can make +# changes to other PIDs. +# +appendProperty(java.lang.String,java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/,/.*/] = admin +appendProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/,/.*/] = admin +appendProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/,/.*/] = admin +appendProperty(java.lang.String,java.lang.String,java.lang.String) = manager +create(java.lang.String)[/jmx[.]acl.*/] = admin +create(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/] = admin +create(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/] = admin +create(java.lang.String) = manager +delete(java.lang.String)[/jmx[.]acl.*/] = admin +delete(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/] = admin +delete(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/] = admin +delete(java.lang.String) = manager +deleteProperty(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin +deleteProperty(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/] = admin +deleteProperty(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/] = admin +deleteProperty(java.lang.String,java.lang.String) = manager +setProperty(java.lang.String,java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/,/.*/] = admin +setProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/,/.*/] = admin +setProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/,/.*/] = admin +setProperty(java.lang.String,java.lang.String,java.lang.String) = manager +update(java.lang.String,java.util.Map)[/jmx[.]acl.*/,/.*/] = admin +update(java.lang.String,java.util.Map)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/] = admin +update(java.lang.String,java.util.Map)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/] = admin +update(java.lang.String,java.util.Map) = manager \ No newline at end of file http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg new file mode 100644 index 0000000..0af2c96 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg @@ -0,0 +1,27 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# JMX ACL specific to the org.apache.karaf:type=security,area=jmx MBean which +# can be used to find out whether the currently logged in JMX user can invoke +# the requested JMX operations. +# +# For a description of the format of this file, see jmx.acl.cfg +# +canInvoke = viewer \ No newline at end of file http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg new file mode 100644 index 0000000..7de362d --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg @@ -0,0 +1,53 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# JMX ACL specific to osgi.compendium.cm MBean +# +# For a description of the format of this file, see jmx.acl.cfg +# +# This configuration file configures the management of ConfigAdmin via the standard ConfigAdmin MBean +# Such that only an admin can make changes to the JMX ACL rules, but managers can make +# changes to other PIDs. +# +createFactoryConfiguration(java.lang.String)[/jmx[.]acl.*/] = admin +createFactoryConfiguration(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin +createFactoryConfiguration(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin +createFactoryConfiguration(java.lang.String) = manager +createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin +createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin +createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin +createFactoryConfigurationForLocation(java.lang.String,java.lang.String) = manager +delete(java.lang.String)[/jmx[.]acl.*/] = admin +delete(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin +delete(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin +delete(java.lang.String) = manager +deleteConfigurations = admin +deleteForLocation(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin +deleteForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin +deleteForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin +deleteForLocation(java.lang.String,java.lang.String) = manager +update(java.lang.String,javax.management.openmbean.TabularData)[/jmx[.]acl.*/,/.*/] = admin +update(java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin +update(java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin +update(java.lang.String,javax.management.openmbean.TabularData) = manager +updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/jmx[.]acl.*/,/.*/,/.*/] = admin +updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/,/.*/] = admin +updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/,/.*/] = admin +updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData) = manager \ No newline at end of file http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg new file mode 100644 index 0000000..d50320e --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg @@ -0,0 +1,44 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for commands in the bundle subshell +# +# For an explanation of the syntax of this file, see the file: +# org.apache.karaf.command.acl.system.cfg +# +# This configuration relies on the fact that 'system' bundles need to be managed +# with the +# -f (--force) +# flag. Operations with -f need admin permission. Most of these operations without +# the 'force' option can be done by a manager. +install = admin +refresh[/.*[-][f].*/] = admin +refresh = manager +restart[/.*[-][f].*/] = admin +restart = manager +start[/.*[-][f].*/] = admin +start = manager +stop[/.*[-][f].*/] = admin +stop = manager +uninstall[/.*[-][f].*/] = admin +uninstall = manager +update[/.*[-][f].*/] = admin +update = manager +watch = admin http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg new file mode 100644 index 0000000..e9a5be2 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg @@ -0,0 +1,45 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for various commands in the config subshell +# +# For an explanation of the syntax of this file, see the file: +# org.apache.karaf.command.acl.system.cfg +# + +cancel = manager +delete = admin +edit = manager +edit[/.*jmx[.]acl.*/] = admin +edit[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin +edit[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin +property-append = manager +property-append[/.*jmx[.]acl.*/] = admin +property-append[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin +property-append[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin +property-delete = manager +property-delete[/.*jmx[.]acl.*/] = admin +property-delete[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin +property-delete[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin +property-set = manager +property-set[/.*jmx[.]acl.*/] = admin +property-set[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin +property-set[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin +update = manager \ No newline at end of file http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg new file mode 100644 index 0000000..fd41ab9 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg @@ -0,0 +1,27 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for commands in the kar subshell +# +# For an explanation of the syntax of this file, see the file: +# org.apache.karaf.command.acl.system.cfg +# +install = admin +uninstall = admin http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg new file mode 100644 index 0000000..0c0644b --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg @@ -0,0 +1,27 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for commands in the jaas subshell +# +# For an explanation of the syntax of this file, see the file: +# org.apache.karaf.command.acl.system.cfg +# +# Jaas commands commands have no effect until update is called. +update = admin http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg new file mode 100644 index 0000000..fd41ab9 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg @@ -0,0 +1,27 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for commands in the kar subshell +# +# For an explanation of the syntax of this file, see the file: +# org.apache.karaf.command.acl.system.cfg +# +install = admin +uninstall = admin http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg new file mode 100644 index 0000000..5e909e5 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg @@ -0,0 +1,31 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for scope bundles +# +features=org.apache.karaf.features.command +jaas=org.apache.karaf.jaas.command +admin=org.apache.karaf.admin.command +osgi=org.apache.karaf.shell.osgi +log=org.apache.karaf.shell.log +packages=org.apache.karaf.shell.packages +config=org.apache.karaf.shell.config +ssh=org.apache.karaf.shell.ssh +shell=org.apache.karaf.shell.commands http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg new file mode 100644 index 0000000..28880b6 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg @@ -0,0 +1,29 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for commands in the shell subshell +# +# For an explanation of the syntax of this file, see the file: +# org.apache.karaf.command.acl.system.cfg +# +edit = admin +exec = admin +new = admin +java = admin http://git-wip-us.apache.org/repos/asf/karaf/blob/09d47ba5/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg ---------------------------------------------------------------------- diff --git a/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg new file mode 100644 index 0000000..7927798 --- /dev/null +++ b/assemblies/features/base/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg @@ -0,0 +1,53 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# +# This configuration file defines the ACLs for commands in the system subshell +# +# The format of this file is as follows: +# The name of the file corresponds to a Configuration Admin PID. This file is for PID: +# org.apache.karaf.command.acl.system +# The prefix org.apache.karaf.command.acl. determines that this file defines ACLs for karaf +# commands. The last word on the PID declares the scope that it applies to, i.e. this file +# is for the 'system' scope. +# Entries in this file map to commands within the defined scope. The simplest role definition +# has the form: +# command = role1, role2, role3 +# Specific roles can also be declared for certain arguments to the command. This is done using +# regular expression matching. +# All the arguments to the command are represented as a list using the following syntax: +# [arg1,arg2,arg3] +# The matching is done after converting this list into a string. So the line +# start-level[/.*[0-9][0-9][0-9]+.*/] = manager +# declares that a manager role is needed to set a start level with 3 digits or more. The .* +# wildcards at the beginning and end are used to match the '[' and ']' characters surrounding. +# When looking for a match the regular-expression based ACLs are always checked first. If any +# of them match the associated roles are used. +# +# If no match can be found based on reg-exp ACLs, a match is looked for based purely on the +# command name. +# +# If no command-name match can be found it is assumed that the command does not need a specific +# role and can therefore be invoked by any user. + +property = admin +shutdown = admin +start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100 +start-level[/[^0-9]*/] = viewer # viewer can obtain the current start level +start-level = admin # admin can set any start level, including < 100
