author | Jo-Philipp Wich <jo@mein.io> | 2020-04-09 22:52:37 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2020-04-09 23:23:33 +0200 |
commit | c099344013ad72d01a93b99184c72c5eeb792174 (patch) | |
tree | c01d65714fe1813b689151a31d370baca498f971 /modules/luci-mod-status/root | |
parent | 1e07e3a52d4d06cc82ab07f2b7fbba0a9a6fb801 (diff) |
treewide: reorganize base ACLs
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-mod-status/root')
-rw-r--r-- | modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json b/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json
new file mode 100644
index 0000000000..989da497b5
--- /dev/null
+++ b/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json
@@ -0,0 +1,132 @@
+{
+ "luci-mod-status-realtime": {
+ "description": "Grant access to realtime statistics",
+ "read": {
+ "ubus": {
+ "luci": [ "getConntrackList", "getRealtimeStats" ],
+ "network.rrdns": [ "lookup" ]
+ }
+ }
+ },
+
+ "luci-mod-status-processes": {
+ "description": "Grant access to process status",
+ "read": {
+ "ubus": {
+ "luci": [ "getProcessList" ]
+ }
+ },
+ "write": {
+ "file": {
+ "/bin/kill": [ "exec" ]
+ },
+ "ubus": {
+ "file": [ "exec" ]
+ }
+ }
+ },
+
+ "luci-mod-status-logs": {
+ "description": "Grant access to system logs",
+ "read": {
+ "cgi-io": [ "exec" ],
+ "file": {
+ "/bin/dmesg -r": [ "exec" ],
+ "/sbin/logread": [ "stat" ],
+ "/sbin/logread -e ^": [ "exec" ],
+ "/usr/sbin/logread": [ "stat" ],
+ "/usr/sbin/logread -e ^": [ "exec" ]
+ },
+ "ubus": {
+ "file": [ "stat" ]
+ }
+ }
+ },
+
+ "luci-mod-status-routes": {
+ "description": "Grant access to the system route status",
+ "read": {
+ "file": {
+ "/sbin/ip -[46] neigh show": [ "exec" ],
+ "/sbin/ip -[46] route show table all": [ "exec" ]
+ },
+ "ubus": {
+ "file": [ "exec" ]
+ }
+ }
+ },
+
+ "luci-mod-status-firewall": {
+ "description": "Grant access to firewall status",
+ "read": {
+ "cgi-io": [ "exec" ],
+ "file": {
+ "/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
+ "/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ],
+ "/usr/sbin/ip6tables": [ "list" ]
+ },
+ "ubus": {
+ "file": [ "stat" ]
+ }
+ },
+ "write": {
+ "cgi-io": [ "exec" ],
+ "file": {
+ "/etc/init.d/firewall restart": [ "exec" ],
+ "/usr/sbin/iptables -Z": [ "exec" ],
+ "/usr/sbin/ip6tables -Z": [ "exec" ]
+ },
+ "ubus": {
+ "file": [ "exec" ]
+ }
+ }
+ },
+
+ "luci-mod-status-index": {
+ "description": "Grant access to main status display",
+ "read": {
+ "file": {
+ "/proc/sys/net/netfilter/nf_conntrack_count": [ "read" ],
+ "/proc/sys/net/netfilter/nf_conntrack_max": [ "read" ],
+ "/usr/lib/lua/luci/version.lua": [ "read" ],
+ "/www/luci-static/resources/view/status/include": [ "list" ]
+ },
+ "ubus": {
+ "file": [ "list", "read" ],
+ "system": [ "board", "info" ]
+ }
+ }
+ },
+
+ "luci-mod-status-index-dhcp": {
+ "description": "Grant access to DHCP status display",
+ "read": {
+ "ubus": {
+ "luci-rpc": [ "getDHCPLeases" ]
+ }
+ }
+ },
+
+ "luci-mod-status-index-dsl": {
+ "description": "Grant access to DSL status display",
+ "read": {
+ "ubus": {
+ "luci-rpc": [ "getDSLStatus" ]
+ }
+ }
+ },
+
+ "luci-mod-status-index-wifi": {
+ "description": "Grant access to wireless status display",
+ "read": {
+ "ubus": {
+ "iwinfo": [ "assoclist" ]
+ }
+ },
+ "write": {
+ "ubus": {
+ "hostapd.*": [ "del_client" ]
+ }
+ }
+ },
+} |
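Review bot: The `"/bin/kill": [ "exec" ]` entry under `luci-mod-status-processes` is the only exec key in this file without an argument pattern, so as far as the visible ACL goes it permits any signal to any PID from a session holding this group's write scope. If the process view only ever sends a fixed set of signals, narrowing the key the way the `/sbin/ip -[46] …` and `/usr/sbin/iptables -Z` entries are narrowed would keep the grant least-privilege; at minimum the description should state it, e.g. `"description": "Grant access to process status and to sending signals to processes"`. The `-t *` wildcard in the two firewall read entries deserves the same look, since how much trailing text it admits depends on rpcd's matching, which is not visible here. Separately, the last group closes with `},` directly before the final `}`; a strict JSON parser rejects that trailing comma, so it should be `}`.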