That would be ideal, but right now I'm looking for any way to prevent access to these (very dangerous I think) commands.
On 9 December 2016 at 12:08, Jean-Baptiste Onofré <[email protected]> wrote: > Hi Paul, > > So basically, you want RBAC on the webconsole. Correct ? > > It's not possible today without changing the webconsole. It's a good idea > to add such feature. > > Regards > JB > > > On 12/09/2016 12:52 PM, Paul McCulloch wrote: > >> Hi, >> >> I'm trying to prevent access to shell:exec from the console to try and >> harden my karaf install. >> >> I can revoke access from an admin user with "config:property-set -p >> org.apache.karaf.command.acl.shell exec uberadmin". I can also prevent >> the user from using config:property-set from restoring the permissions. >> >> What I can't seem to do is prevent an admin user from restoring >> permissions via the web console's Configuration gui. >> >> I want to permit remote access to the web console, but I don't want to >> give users the ability to run arbitrary commands on the server. >> >> Thanks, >> >> Paul >> > > -- > Jean-Baptiste Onofré > [email protected] > http://blog.nanthrax.net > Talend - http://www.talend.com >
