shell commands user roles
I'm new to Karaf and have a question about user access control within the (SSH) shell. Is there a way to define more granular level of user access to see (list/autocomplete) and execute commands via the (SSH) shell? For example, can certain commands be restricted to a configured set of user roles via the command's name or scope? Thanks, Robert -- View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474148.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands user roles
Not really, while that could be implemented for commands, the problem is that the command line also allows introspection and scripting and authorization can't easily be done at that level so the console would not be totally secured anyway. On Wed, Nov 2, 2011 at 16:25, rrsavage rrsav...@hotmail.com wrote: I'm new to Karaf and have a question about user access control within the (SSH) shell. Is there a way to define more granular level of user access to see (list/autocomplete) and execute commands via the (SSH) shell? For example, can certain commands be restricted to a configured set of user roles via the command's name or scope? Thanks, Robert -- View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474148.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Guillaume Nodet Blog: http://gnodet.blogspot.com/ Open Source SOA http://fusesource.com
Re: shell commands user roles
Hi Robert, it's not possible for now but it's a good idea. We have something similar in Apache Kalumet (called AccessList). It's a good new feature for Karaf 3.0. Regards JB On 11/02/2011 04:58 PM, rrsavage wrote: Really what I'm after is a two level access system. An admin level that has full access to all commands, scripting, introspection, etc. And a user level of access that perhaps only provides access to a limited number of command. Additionally user level access would disallow scripting and introspection capabilities. Is this a reasonable approach and is it even possible? Thanks, Robert -- View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com
Re: shell commands user roles
Hi JB, Robert sounds like a reasonable User/Role feature for Karaf, would be interesting to see what roles we have here, a full accessible admin, a user level, do we need more distinct levels, like for example features, web, that correspond to the std. feature sets we have? @Robert could you open a Jira issue for that feature request :) regards, Achim 2011/11/2 Jean-Baptiste Onofré j...@nanthrax.net Hi Robert, it's not possible for now but it's a good idea. We have something similar in Apache Kalumet (called AccessList). It's a good new feature for Karaf 3.0. Regards JB On 11/02/2011 04:58 PM, rrsavage wrote: Really what I'm after is a two level access system. An admin level that has full access to all commands, scripting, introspection, etc. And a user level of access that perhaps only provides access to a limited number of command. Additionally user level access would disallow scripting and introspection capabilities. Is this a reasonable approach and is it even possible? Thanks, Robert -- View this message in context: http://karaf.922171.n3.nabble.** com/shell-commands-user-roles-**tp3474148p3474241.htmlhttp://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com -- -- *Achim Nierbeck* Apache Karaf http://karaf.apache.org/ Committer PMC OPS4J Pax Web http://wiki.ops4j.org/display/paxweb/Pax+Web/ Committer Project Lead blog http://notizblog.nierbeck.de/
Re: shell commands user roles
We'd have to keep anything we do on role based access consistent with the web console / jmx management layers. On Wed, Nov 2, 2011 at 17:16, Achim Nierbeck bcanh...@googlemail.comwrote: Hi JB, Robert sounds like a reasonable User/Role feature for Karaf, would be interesting to see what roles we have here, a full accessible admin, a user level, do we need more distinct levels, like for example features, web, that correspond to the std. feature sets we have? @Robert could you open a Jira issue for that feature request :) regards, Achim 2011/11/2 Jean-Baptiste Onofré j...@nanthrax.net Hi Robert, it's not possible for now but it's a good idea. We have something similar in Apache Kalumet (called AccessList). It's a good new feature for Karaf 3.0. Regards JB On 11/02/2011 04:58 PM, rrsavage wrote: Really what I'm after is a two level access system. An admin level that has full access to all commands, scripting, introspection, etc. And a user level of access that perhaps only provides access to a limited number of command. Additionally user level access would disallow scripting and introspection capabilities. Is this a reasonable approach and is it even possible? Thanks, Robert -- View this message in context: http://karaf.922171.n3.nabble.** com/shell-commands-user-roles-**tp3474148p3474241.htmlhttp://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com -- -- *Achim Nierbeck* Apache Karaf http://karaf.apache.org/ Committer PMC OPS4J Pax Web http://wiki.ops4j.org/display/paxweb/Pax+Web/ Committer Project Lead blog http://notizblog.nierbeck.de/ -- Guillaume Nodet Blog: http://gnodet.blogspot.com/ Open Source SOA http://fusesource.com
Re: shell commands user roles
Will do Thanks! -- View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474512.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands user roles
Feature Request created: https://issues.apache.org/jira/browse/KARAF-979 https://issues.apache.org/jira/browse/KARAF-979 -- View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474561.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands user roles
Thanks ;) Regards JB On 11/02/2011 06:41 PM, rrsavage wrote: Feature Request created: https://issues.apache.org/jira/browse/KARAF-979 https://issues.apache.org/jira/browse/KARAF-979 -- View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474561.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com
Re: shell commands user roles
Guillaume, regarding JMX there have already been requests to secure JMX so I think this should be a reasonable add-on :) @Robert thanx :) regards, Achim 2011/11/2 Jean-Baptiste Onofré j...@nanthrax.net Thanks ;) Regards JB On 11/02/2011 06:41 PM, rrsavage wrote: Feature Request created: https://issues.apache.org/**jira/browse/KARAF-979https://issues.apache.org/jira/browse/KARAF-979 https://issues.apache.org/**jira/browse/KARAF-979https://issues.apache.org/jira/browse/KARAF-979 -- View this message in context: http://karaf.922171.n3.nabble.** com/shell-commands-user-roles-**tp3474148p3474561.htmlhttp://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474561.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com -- -- *Achim Nierbeck* Apache Karaf http://karaf.apache.org/ Committer PMC OPS4J Pax Web http://wiki.ops4j.org/display/paxweb/Pax+Web/ Committer Project Lead blog http://notizblog.nierbeck.de/