Hi Daniel,
actually, you found a bug in the distribution: the standard distribution
should ship jmx.acl and command.acl default files, and it doesn't.
I'm fixing that.
We should have:
org.apache.karaf.command.acl.bundle.cfg
org.apache.karaf.command.acl.config.cfg
org.apache.karaf.command.acl.feature.cfg
org.apache.karaf.command.acl.jaas.cfg
org.apache.karaf.command.acl.kar.cfg
org.apache.karaf.command.acl.scope_bundle.cfg
org.apache.karaf.command.acl.shell.cfg
org.apache.karaf.command.acl.system.cfg
in the distribution.
You can provide the acl files by yourself.
I'm fixing that.
Regards
JB
On 10/14/2015 04:10 PM, Daniel McGreal wrote:
Hi Karaf users,
I would like to allow a user to login to Karaf’s console and be able to execute
one command only: one that I supply.
So far, I have created my user in keys.properties and given it a new group,
‘newgroup’. In the same file I also “_g_\:pulsegroup = pulserole”.
I can login with the user OK but I’m surprised to be able to access the
existing commands. The documentation at
https://karaf.apache.org/manual/latest/users-guide/security.html#Console
suggests that the existing commands are mostly restricted to existing
roles/groups via org.apache.karaf.command.acl.* files, but these do not exist?
What am I missing? How can I restrict the commands the user can run to mine
only?
Thanks, Dan.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
