I think it would be an interesting plugin to add. Do you mind to create a Jira about that ?
Regards JB On 12/09/2016 02:16 PM, Paul McCulloch wrote:
I think I've come to the same conclusion. It looks like some work on RBAC has been done in HawtIO (https://github.com/hawtio/hawtio/issues/465) so I'll see if that's any use. On 9 December 2016 at 12:57, Achim Nierbeck <[email protected] <mailto:[email protected]>> wrote: I fully agree with Milen on this. The WebConsole is just to "powerful" for an "ordinary" user. Just think of starting/stoping bundles by accident. This alone is already malicious enough, and hard to track ;) regards, Achim 2016-12-09 13:55 GMT+01:00 Milen Dyankov <[email protected] <mailto:[email protected]>>: I know this does not help you at all but IMHO giving random users access to webconsole is terrible idea. I personally consider webconsole only useful for developers and eventually highly trusted, responsible and knowledgeable administrators. On Fri, Dec 9, 2016 at 1:48 PM, Paul McCulloch <[email protected] <mailto:[email protected]>> wrote: Yes. Only admins can use webconsole, so the web console user can modify the roles required for shell:exec to match themselves. I guess what I am really saying is that I want a non admin user to be able to use web console. Even if I do stop a webconsole user from executing shell:exec, there is nothing to stop them loading a bundle that does whatever they want. So it would just be raising the bar for a malicious admin user. I think I may look at running karaf inside some sort of container (chroot, Docker) to reduce the rick of granting Karaf adamin rights where I don't want to give an OS login. Thanks. Paul On 9 December 2016 at 12:36, Jean-Baptiste Onofré <[email protected] <mailto:[email protected]>> wrote: By command, you mean shell:exec ? The acl should already prevent execution if the user doesn't have in the expected role. Regards JB On 12/09/2016 01:30 PM, Paul McCulloch wrote: That would be ideal, but right now I'm looking for any way to prevent access to these (very dangerous I think) commands. On 9 December 2016 at 12:08, Jean-Baptiste Onofré <[email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>>> wrote: Hi Paul, So basically, you want RBAC on the webconsole. Correct ? It's not possible today without changing the webconsole. It's a good idea to add such feature. Regards JB On 12/09/2016 12:52 PM, Paul McCulloch wrote: Hi, I'm trying to prevent access to shell:exec from the console to try and harden my karaf install. I can revoke access from an admin user with "config:property-set -p org.apache.karaf.command.acl.shell exec uberadmin". I can also prevent the user from using config:property-set from restoring the permissions. What I can't seem to do is prevent an admin user from restoring permissions via the web console's Configuration gui. I want to permit remote access to the web console, but I don't want to give users the ability to run arbitrary commands on the server. Thanks, Paul -- Jean-Baptiste Onofré [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>> http://blog.nanthrax.net Talend - http://www.talend.com -- Jean-Baptiste Onofré [email protected] <mailto:[email protected]> http://blog.nanthrax.net Talend - http://www.talend.com -- http://about.me/milen -- Apache Member Apache Karaf <http://karaf.apache.org/> Committer & PMC OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer & Project Lead blog <http://notizblog.nierbeck.de/> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS> Software Architect / Project Manager / Scrum Master
-- Jean-Baptiste Onofré [email protected] http://blog.nanthrax.net Talend - http://www.talend.com
