[OpenWrt-Devel] rpcd: file: add path based read/write/exec ACL checks
André Valentin
avalentin at marcant.net
Mon Sep 23 04:53:50 EDT 2019
Hi !
Thanks a lot, this works perfect.
Kind regards,
André
Am 22.09.19 um 20:07 schrieb Jo-Philipp Wich:
> Hi,
>
>> What do I have to do to enable access again, without calling ubus
>> session grant like in the commit? Thank you!
>
> you need to add the following sections:
>
> "superuser": {
> ...
> "read": {
> "file": {
> "/": [ "stat", "read" ],
> "/*": [ "stat", "read" ]
> }
> },
> "write": {
> "file": {
> "/": [ "write" ],
> "/*": [ "write", "exec" ]
> }
> }
> }
>
> Depending on your use case, you might not need the "write" and "exec"
> permissions at all.
>
> The "exec" entry will allow invoking commands matching the path "/*"
> (so, everything) and the "write" permission will allow (over)writing and
> removing files matching the wildcard path.
>
> Regards,
> Jo
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4058 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20190923/4f2bdb3a/attachment.p7s>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list