path: root/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
blob: 1f5b26f8d659438c746ef69a76b662aa2ab7de71 (plain)
{
	"unauthenticated": {
		"description": "Allow system feature probing",
		"read": {
			"ubus": {
				"luci": [ "getFeatures" ]
			}
		}
	},

	"uci-access": {
		"description": "Grant uci read and write access to all configurations",
		"read": {
			"uci": [ "*" ]
		},
		"write": {
			"uci": [ "*" ]
		}
	},
	"luci-access": {
		"description": "Grant access to basic LuCI procedures",
		"read": {
			"cgi-io": [ "backup", "download", "exec" ],
			"file": {
				"/": [ "list" ],
				"/*": [ "list" ],
				"/dev/mtdblock*": [ "read" ],
				"/etc/crontabs/root": [ "read" ],
				"/etc/dropbear/authorized_keys": [ "read" ],
				"/etc/filesystems": [ "read" ],
				"/etc/rc.local": [ "read" ],
				"/etc/sysupgrade.conf": [ "read" ],
				"/etc/passwd": [ "read" ],
				"/etc/group": [ "read" ],
				"/proc/filesystems": [ "read" ],
				"/proc/mtd": [ "read" ],
				"/proc/partitions": [ "read" ],
				"/proc/sys/kernel/hostname": [ "read" ],
				"/proc/sys/net/netfilter/nf_conntrack_*": [ "read" ],
				"/proc/mounts": [ "read" ],
				"/usr/lib/lua/luci/version.lua": [ "read" ],
				"/bin/dmesg -r": [ "exec" ],
				"/bin/ping *": [ "exec" ],
				"/bin/ping6 *": [ "exec" ],
				"/bin/traceroute *": [ "exec" ],
				"/bin/traceroute6 *": [ "exec" ],
				"/sbin/ip -4 neigh show": [ "exec" ],
				"/sbin/ip -4 route show table all": [ "exec" ],
				"/sbin/ip -6 neigh show": [ "exec" ],
				"/sbin/ip -6 route show table all": [ "exec" ],
				"/sbin/logread -e ^": [ "exec" ],
				"/usr/bin/ping *": [ "exec" ],
				"/usr/bin/ping6 *": [ "exec" ],
				"/usr/bin/traceroute *": [ "exec" ],
				"/usr/bin/traceroute6 *": [ "exec" ],
				"/usr/bin/nslookup *": [ "exec" ],
				"/usr/libexec/luci-peeraddr": [ "exec" ],
				"/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
				"/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ]
			},
			"ubus": {
				"file": [ "list", "read", "stat" ],
				"iwinfo": [ "assoclist", "freqlist", "txpowerlist", "countrylist" ],
				"luci": [ "getConntrackList", "getInitList", "getLocaltime", "getProcessList", "getRealtimeStats", "getTimezones", "getLEDs", "getUSBDevices", "getSwconfigFeatures", "getSwconfigPortState", "getBlockDevices", "getMountPoints" ],
				"luci-rpc": [ "getBoardJSON", "getDHCPLeases", "getDSLStatus", "getDUIDHints", "getHostHints", "getNetworkDevices", "getWirelessDevices" ],
				"network.interface": [ "dump" ],
				"network.rrdns": [ "lookup" ],
				"network": [ "get_proto_handlers" ],
				"system": [ "board", "info", "validate_firmware_image" ],
				"uci": [ "changes", "get" ]
			},
			"uci": [ "*" ]
		},
		"write": {
			"cgi-io": [ "upload" ],
			"file": {
				"/etc/crontabs/root": [ "write" ],
				"/etc/dropbear/authorized_keys": [ "write" ],
				"/etc/init.d/firewall restart": [ "exec" ],
				"/etc/luci-uploads/*": [ "write" ],
				"/etc/rc.local": [ "write" ],
				"/etc/sysupgrade.conf": [ "write" ],
				"/sbin/block": [ "exec" ],
				"/sbin/firstboot": [ "exec" ],
				"/sbin/ifdown": [ "exec" ],
				"/sbin/ifup": [ "exec" ],
				"/sbin/reboot": [ "exec" ],
				"/sbin/sysupgrade": [ "exec" ],
				"/sbin/wifi": [ "exec" ],
				"/bin/kill": [ "exec" ],
				"/bin/tar": [ "exec" ],
				"/bin/umount": [ "exec" ],
				"/tmp/backup.tar.gz": [ "write" ],
				"/tmp/firmware.bin": [ "write" ],
				"/tmp/upload.ipk": [ "write" ],
				"/usr/sbin/iptables -Z": [ "exec" ],
				"/usr/sbin/ip6tables -Z": [ "exec" ]
			},
			"ubus": {
				"file": [ "write", "remove", "exec" ],
				"hostapd.*": [ "del_client" ],
				"iwinfo": [ "scan" ],
				"luci": [ "setInitAction", "setLocaltime", "setPassword", "setBlockDetect" ],
				"uci": [ "add", "apply", "confirm", "delete", "order", "set", "rename" ]
			},
			"uci": [ "*" ]
		}
	},
	"luci-app-firewall": {
		"description": "Grant access to firewall procedures",
		"read": {
			"file": {
				"/etc/firewall.user": [ "read" ]
			},
			"ubus": {
				"luci": [ "getConntrackHelpers" ]
			},
			"uci": [ "firewall" ]
		},
		"write": {
			"file": {
				"/etc/firewall.user": [ "write" ],
				"/etc/init.d/firewall": [ "exec" ]
			},
			"uci": [ "firewall" ]
		}
	}
}