Re: New user/role/group and default security?

Wed, 14 Oct 2015 07:42:50 -0700 

Hi Daniel,

you can reuse (by adapting a bit) the ones from Karaf 3.x:

https://github.com/apache/karaf/tree/karaf-3.0.x/assemblies/features/framework/src/main/resources/resources/etc

Regards
JB

On 10/14/2015 04:32 PM, Daniel McGreal wrote:

Thanks JB, for your diligent reply as always!
Would you be able to point me to where I can find the original files? I think I 
can recreate them from the documentation, but I would rather not risk a mistake.
Very best, Dan.


On 14 Oct 2015, at 15:17, Jean-Baptiste Onofré <[email protected]> wrote:

Hi Daniel,

actually, you found a bug in the distribution: the standard distribution should 
ship jmx.acl and command.acl default files, and it doesn't.

I'm fixing that.

We should have:

org.apache.karaf.command.acl.bundle.cfg
org.apache.karaf.command.acl.config.cfg
org.apache.karaf.command.acl.feature.cfg
org.apache.karaf.command.acl.jaas.cfg
org.apache.karaf.command.acl.kar.cfg
org.apache.karaf.command.acl.scope_bundle.cfg
org.apache.karaf.command.acl.shell.cfg
org.apache.karaf.command.acl.system.cfg

in the distribution.

You can provide the acl files by yourself.

I'm fixing that.

Regards
JB

On 10/14/2015 04:10 PM, Daniel McGreal wrote:

Hi Karaf users,

I would like to allow a user to login to Karaf’s console and be able to execute 
one command only: one that I supply.

So far, I have created my user in keys.properties and given it a new group, 
‘newgroup’. In the same file I also “_g_\:pulsegroup = pulserole”.
I can login with the user OK but I’m surprised to be able to access the 
existing commands. The documentation at 
https://karaf.apache.org/manual/latest/users-guide/security.html#Console 
suggests that the existing commands are mostly restricted to existing 
roles/groups via org.apache.karaf.command.acl.* files, but these do not exist?

What am I missing? How can I restrict the commands the user can run to mine 
only?

Thanks, Dan.



--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com




--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com

Reply via email to