summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json
blob: 7ad43200a374a8f47a43a4bbf4a0ced00b8a8cab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
{
	"luci-mod-status-realtime": {
		"description": "Grant access to realtime statistics",
		"read": {
			"ubus": {
				"luci": [ "getConntrackList", "getRealtimeStats" ],
				"network.rrdns": [ "lookup" ]
			}
		}
	},

	"luci-mod-status-processes": {
		"description": "Grant access to process status",
		"read": {
			"ubus": {
				"luci": [ "getProcessList" ]
			}
		},
		"write": {
			"file": {
				"/bin/kill": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ]
			}
		}
	},

	"luci-mod-status-logs": {
		"description": "Grant access to system logs",
		"read": {
			"cgi-io": [ "exec" ],
			"file": {
				"/bin/dmesg -r": [ "exec" ],
				"/sbin/logread": [ "stat" ],
				"/sbin/logread -e ^": [ "exec" ],
				"/usr/sbin/logread": [ "stat" ],
				"/usr/sbin/logread -e ^": [ "exec" ]
			},
			"ubus": {
				"file": [ "stat" ]
			}
		}
	},

	"luci-mod-status-routes": {
		"description": "Grant access to routing status",
		"read": {
			"file": {
				"/sbin/ip -[46] neigh show": [ "exec" ],
				"/sbin/ip -[46] route show table all": [ "exec" ],
				"/sbin/ip -[46] rule show": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ]
			}
		}
	},

	"luci-mod-status-channel_analysis": {
		"description": "Grant access to wireless channel status",
		"read": {
			"ubus": {
				"iwinfo": [ "info", "freqlist" ]
			}
		}
	},

	"luci-mod-status-firewall": {
		"description": "Grant access to firewall status",
		"read": {
			"cgi-io": [ "exec" ],
			"file": {
				"/usr/sbin/nft --json list ruleset": [ "exec" ],
				"/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
				"/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ],
				"/usr/sbin/ip6tables": [ "list" ]
			},
			"ubus": {
				"file": [ "stat" ]
			}
		},
		"write": {
			"cgi-io": [ "exec" ],
			"file": {
				"/etc/init.d/firewall restart": [ "exec" ],
				"/usr/sbin/iptables -Z": [ "exec" ],
				"/usr/sbin/ip6tables -Z": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ]
			}
		}
	}
}