[OpenWrt-Devel] rpcd: file: add path based read/write/exec ACL checks
Jo-Philipp Wich
jo at mein.io
Sun Sep 22 14:07:28 EDT 2019
Hi,
> What do I have to do to enable access again, without calling ubus
> session grant like in the commit? Thank you!
you need to add the following sections:
"superuser": {
...
"read": {
"file": {
"/": [ "stat", "read" ],
"/*": [ "stat", "read" ]
}
},
"write": {
"file": {
"/": [ "write" ],
"/*": [ "write", "exec" ]
}
}
}
Depending on your use case, you might not need the "write" and "exec"
permissions at all.
The "exec" entry will allow invoking commands matching the path "/*"
(so, everything) and the "write" permission will allow (over)writing and
removing files matching the wildcard path.
Regards,
Jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20190922/2d0d2aa2/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list