Thanks JB, for your diligent reply as always! Would you be able to point me to where I can find the original files? I think I can recreate them from the documentation, but I would rather not risk a mistake. Very best, Dan.
> On 14 Oct 2015, at 15:17, Jean-Baptiste Onofré <[email protected]> wrote: > > Hi Daniel, > > actually, you found a bug in the distribution: the standard distribution > should ship jmx.acl and command.acl default files, and it doesn't. > > I'm fixing that. > > We should have: > > org.apache.karaf.command.acl.bundle.cfg > org.apache.karaf.command.acl.config.cfg > org.apache.karaf.command.acl.feature.cfg > org.apache.karaf.command.acl.jaas.cfg > org.apache.karaf.command.acl.kar.cfg > org.apache.karaf.command.acl.scope_bundle.cfg > org.apache.karaf.command.acl.shell.cfg > org.apache.karaf.command.acl.system.cfg > > in the distribution. > > You can provide the acl files by yourself. > > I'm fixing that. > > Regards > JB > > On 10/14/2015 04:10 PM, Daniel McGreal wrote: >> Hi Karaf users, >> >> I would like to allow a user to login to Karaf’s console and be able to >> execute one command only: one that I supply. >> >> So far, I have created my user in keys.properties and given it a new group, >> ‘newgroup’. In the same file I also “_g_\:pulsegroup = pulserole”. >> I can login with the user OK but I’m surprised to be able to access the >> existing commands. The documentation at >> https://karaf.apache.org/manual/latest/users-guide/security.html#Console >> suggests that the existing commands are mostly restricted to existing >> roles/groups via org.apache.karaf.command.acl.* files, but these do not >> exist? >> >> What am I missing? How can I restrict the commands the user can run to mine >> only? >> >> Thanks, Dan. >> > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://www.talend.com
