I fully agree with Milen on this. The WebConsole is just to "powerful" for an "ordinary" user. Just think of starting/stoping bundles by accident. This alone is already malicious enough, and hard to track ;)
regards, Achim 2016-12-09 13:55 GMT+01:00 Milen Dyankov <[email protected]>: > I know this does not help you at all but IMHO giving random users access > to webconsole is terrible idea. I personally consider webconsole only > useful for developers and eventually highly trusted, responsible and > knowledgeable administrators. > > On Fri, Dec 9, 2016 at 1:48 PM, Paul McCulloch <[email protected]> > wrote: > >> Yes. Only admins can use webconsole, so the web console user can modify >> the roles required for shell:exec to match themselves. >> >> I guess what I am really saying is that I want a non admin user to be >> able to use web console. >> >> Even if I do stop a webconsole user from executing shell:exec, there is >> nothing to stop them loading a bundle that does whatever they want. So it >> would just be raising the bar for a malicious admin user. >> >> I think I may look at running karaf inside some sort of container >> (chroot, Docker) to reduce the rick of granting Karaf adamin rights where I >> don't want to give an OS login. >> >> Thanks. >> >> Paul >> >> On 9 December 2016 at 12:36, Jean-Baptiste Onofré <[email protected]> >> wrote: >> >>> By command, you mean shell:exec ? The acl should already prevent >>> execution if the user doesn't have in the expected role. >>> >>> Regards >>> JB >>> >>> On 12/09/2016 01:30 PM, Paul McCulloch wrote: >>> >>>> That would be ideal, but right now I'm looking for any way to prevent >>>> access to these (very dangerous I think) commands. >>>> >>>> On 9 December 2016 at 12:08, Jean-Baptiste Onofré <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Hi Paul, >>>> >>>> So basically, you want RBAC on the webconsole. Correct ? >>>> >>>> It's not possible today without changing the webconsole. It's a good >>>> idea to add such feature. >>>> >>>> Regards >>>> JB >>>> >>>> >>>> On 12/09/2016 12:52 PM, Paul McCulloch wrote: >>>> >>>> Hi, >>>> >>>> I'm trying to prevent access to shell:exec from the console to >>>> try and >>>> harden my karaf install. >>>> >>>> I can revoke access from an admin user with >>>> "config:property-set -p >>>> org.apache.karaf.command.acl.shell exec uberadmin". I can also >>>> prevent >>>> the user from using config:property-set from restoring the >>>> permissions. >>>> >>>> What I can't seem to do is prevent an admin user from restoring >>>> permissions via the web console's Configuration gui. >>>> >>>> I want to permit remote access to the web console, but I don't >>>> want to >>>> give users the ability to run arbitrary commands on the server. >>>> >>>> Thanks, >>>> >>>> Paul >>>> >>>> >>>> -- >>>> Jean-Baptiste Onofré >>>> [email protected] <mailto:[email protected]> >>>> http://blog.nanthrax.net >>>> Talend - http://www.talend.com >>>> >>>> >>>> >>> -- >>> Jean-Baptiste Onofré >>> [email protected] >>> http://blog.nanthrax.net >>> Talend - http://www.talend.com >>> >> >> > > > -- > http://about.me/milen > -- Apache Member Apache Karaf <http://karaf.apache.org/> Committer & PMC OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead blog <http://notizblog.nierbeck.de/> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS> Software Architect / Project Manager / Scrum Master
