[
https://issues.apache.org/jira/browse/SLING-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15545279#comment-15545279
]
Oliver Lietz commented on SLING-5848:
-------------------------------------
[~bdelacretaz], [~chetanm] Do we need this section at all? We are granting
{{read}} on {{/}} to {{everyone}} in Oak Server (configurable):
{noformat}
set ACL for sling-scripting
deny jcr:all on /libs,/apps
allow jcr:read on /libs,/apps
end
{noformat}
And if we keep it, shouldn't we {{deny}} on {{/}} instead?
> Define service user and ACLs for Scripting
> ------------------------------------------
>
> Key: SLING-5848
> URL: https://issues.apache.org/jira/browse/SLING-5848
> Project: Sling
> Issue Type: Task
> Components: Launchpad, Scripting
> Reporter: Oliver Lietz
> Assignee: Oliver Lietz
> Fix For: Launchpad Builder 9
>
>
> Scripting implementations require a (service) ResourceResolver with very
> limited read rights to read scripts.
> Reading can be limited to these paths:
> * {{/apps}}
> * {{/libs}}
> * -{{/etc}}- (?)
> Name for service user: {{scripting}} or {{sling-scripting}} or
> {{sling.scripting}} (?)
> *repoinit:*
> {noformat}
> create path /apps
> create path /libs
> create service user sling-scripting
> set ACL for sling-scripting
> allow jcr:read on /apps
> allow jcr:read on /libs
> end
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
