karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Preventing access to shell:exec in 4.0.7
Date Fri, 09 Dec 2016 12:08:58 GMT
Hi Paul,

So basically, you want RBAC on the webconsole. Correct ?

It's not possible today without changing the webconsole. It's a good 
idea to add such feature.

Regards
JB

On 12/09/2016 12:52 PM, Paul McCulloch wrote:
> Hi,
>
> I'm trying to prevent access to shell:exec from the console to try and
> harden my karaf install.
>
> I can revoke access from an admin user with "config:property-set -p
> org.apache.karaf.command.acl.shell exec uberadmin". I can also prevent
> the user from using config:property-set from restoring the permissions.
>
> What I can't seem to do is prevent an admin user from restoring
> permissions via the web console's Configuration gui.
>
> I want to permit remote access to the web console, but I don't want to
> give users the ability to run arbitrary commands on the server.
>
> Thanks,
>
> Paul

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Mime
View raw message