By command, you mean shell:exec ? The acl should already prevent
execution if the user doesn't have in the expected role.
Regards
JB
On 12/09/2016 01:30 PM, Paul McCulloch wrote:
That would be ideal, but right now I'm looking for any way to prevent
access to these (very dangerous I think) commands.
On 9 December 2016 at 12:08, Jean-Baptiste Onofré <[email protected]
<mailto:[email protected]>> wrote:
Hi Paul,
So basically, you want RBAC on the webconsole. Correct ?
It's not possible today without changing the webconsole. It's a good
idea to add such feature.
Regards
JB
On 12/09/2016 12:52 PM, Paul McCulloch wrote:
Hi,
I'm trying to prevent access to shell:exec from the console to
try and
harden my karaf install.
I can revoke access from an admin user with "config:property-set -p
org.apache.karaf.command.acl.shell exec uberadmin". I can also
prevent
the user from using config:property-set from restoring the
permissions.
What I can't seem to do is prevent an admin user from restoring
permissions via the web console's Configuration gui.
I want to permit remote access to the web console, but I don't
want to
give users the ability to run arbitrary commands on the server.
Thanks,
Paul
--
Jean-Baptiste Onofré
[email protected] <mailto:[email protected]>
http://blog.nanthrax.net
Talend - http://www.talend.com
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
