You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by rrsavage <rr...@hotmail.com> on 2011/11/02 16:25:14 UTC
shell commands & user roles
I'm new to Karaf and have a question about user access control within the
(SSH) shell. Is there a way to define more granular level of user access to
see (list/autocomplete) and execute commands via the (SSH) shell? For
example, can certain commands be restricted to a configured set of user
roles via the command's name or scope?
Thanks, Robert
--
View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474148.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands & user roles
Posted by Achim Nierbeck <bc...@googlemail.com>.
Guillaume,
regarding JMX there have already been requests to "secure" JMX so I think
this should be a reasonable add-on :)
@Robert thanx :)
regards, Achim
2011/11/2 Jean-Baptiste Onofré <jb...@nanthrax.net>
> Thanks ;)
>
> Regards
> JB
>
>
> On 11/02/2011 06:41 PM, rrsavage wrote:
>
>> Feature Request created:
>> https://issues.apache.org/**jira/browse/KARAF-979<https://issues.apache.org/jira/browse/KARAF-979>
>> https://issues.apache.org/**jira/browse/KARAF-979<https://issues.apache.org/jira/browse/KARAF-979>
>>
>>
>> --
>> View this message in context: http://karaf.922171.n3.nabble.**
>> com/shell-commands-user-roles-**tp3474148p3474561.html<http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474561.html>
>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
--
--
*Achim Nierbeck*
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Re: shell commands & user roles
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Thanks ;)
Regards
JB
On 11/02/2011 06:41 PM, rrsavage wrote:
> Feature Request created:
> https://issues.apache.org/jira/browse/KARAF-979
> https://issues.apache.org/jira/browse/KARAF-979
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474561.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: shell commands & user roles
Posted by rrsavage <rr...@hotmail.com>.
Feature Request created:
https://issues.apache.org/jira/browse/KARAF-979
https://issues.apache.org/jira/browse/KARAF-979
--
View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474561.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands & user roles
Posted by Guillaume Nodet <gn...@gmail.com>.
We'd have to keep anything we do on role based access consistent with the
web console / jmx management layers.
On Wed, Nov 2, 2011 at 17:16, Achim Nierbeck <bc...@googlemail.com>wrote:
> Hi JB, Robert
>
> sounds like a reasonable User/Role feature for Karaf,
> would be interesting to see what roles we have here,
> a full accessible admin,
> a user level,
> do we need more distinct levels, like for example
> features, web, that correspond to the "std." feature sets we have?
>
> @Robert could you open a Jira issue for that feature request :)
>
> regards, Achim
>
>
> 2011/11/2 Jean-Baptiste Onofré <jb...@nanthrax.net>
>
>> Hi Robert,
>>
>> it's not possible for now but it's a good idea. We have something similar
>> in Apache Kalumet (called AccessList).
>>
>> It's a good new feature for Karaf 3.0.
>>
>> Regards
>> JB
>>
>>
>> On 11/02/2011 04:58 PM, rrsavage wrote:
>>
>>> Really what I'm after is a two level access system. An "admin" level
>>> that
>>> has full access to all commands, scripting, introspection, etc. And a
>>> "user" level of access that perhaps only provides access to a limited
>>> number
>>> of command. Additionally "user" level access would disallow scripting
>>> and
>>> introspection capabilities. Is this a reasonable approach and is it
>>> even
>>> possible?
>>>
>>> Thanks, Robert
>>>
>>> --
>>> View this message in context: http://karaf.922171.n3.nabble.**
>>> com/shell-commands-user-roles-**tp3474148p3474241.html<http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html>
>>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>>
>>
>> --
>> Jean-Baptiste Onofré
>> jbonofre@apache.org
>> http://blog.nanthrax.net
>> Talend - http://www.talend.com
>>
>
>
>
> --
> --
> *Achim Nierbeck*
>
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer
> & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
Re: shell commands & user roles
Posted by rrsavage <rr...@hotmail.com>.
Will do Thanks!
--
View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474512.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands & user roles
Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi JB, Robert
sounds like a reasonable User/Role feature for Karaf,
would be interesting to see what roles we have here,
a full accessible admin,
a user level,
do we need more distinct levels, like for example
features, web, that correspond to the "std." feature sets we have?
@Robert could you open a Jira issue for that feature request :)
regards, Achim
2011/11/2 Jean-Baptiste Onofré <jb...@nanthrax.net>
> Hi Robert,
>
> it's not possible for now but it's a good idea. We have something similar
> in Apache Kalumet (called AccessList).
>
> It's a good new feature for Karaf 3.0.
>
> Regards
> JB
>
>
> On 11/02/2011 04:58 PM, rrsavage wrote:
>
>> Really what I'm after is a two level access system. An "admin" level that
>> has full access to all commands, scripting, introspection, etc. And a
>> "user" level of access that perhaps only provides access to a limited
>> number
>> of command. Additionally "user" level access would disallow scripting and
>> introspection capabilities. Is this a reasonable approach and is it even
>> possible?
>>
>> Thanks, Robert
>>
>> --
>> View this message in context: http://karaf.922171.n3.nabble.**
>> com/shell-commands-user-roles-**tp3474148p3474241.html<http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html>
>> Sent from the Karaf - User mailing list archive at Nabble.com.
>>
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>
--
--
*Achim Nierbeck*
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Re: shell commands & user roles
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Robert,
it's not possible for now but it's a good idea. We have something
similar in Apache Kalumet (called AccessList).
It's a good new feature for Karaf 3.0.
Regards
JB
On 11/02/2011 04:58 PM, rrsavage wrote:
> Really what I'm after is a two level access system. An "admin" level that
> has full access to all commands, scripting, introspection, etc. And a
> "user" level of access that perhaps only provides access to a limited number
> of command. Additionally "user" level access would disallow scripting and
> introspection capabilities. Is this a reasonable approach and is it even
> possible?
>
> Thanks, Robert
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: shell commands & user roles
Posted by rrsavage <rr...@hotmail.com>.
Really what I'm after is a two level access system. An "admin" level that
has full access to all commands, scripting, introspection, etc. And a
"user" level of access that perhaps only provides access to a limited number
of command. Additionally "user" level access would disallow scripting and
introspection capabilities. Is this a reasonable approach and is it even
possible?
Thanks, Robert
--
View this message in context: http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474241.html
Sent from the Karaf - User mailing list archive at Nabble.com.
Re: shell commands & user roles
Posted by Guillaume Nodet <gn...@gmail.com>.
Not really, while that could be implemented for commands, the problem is
that the command line also allows introspection and scripting and
authorization can't easily be done at that level so the console would not
be totally secured anyway.
On Wed, Nov 2, 2011 at 16:25, rrsavage <rr...@hotmail.com> wrote:
> I'm new to Karaf and have a question about user access control within the
> (SSH) shell. Is there a way to define more granular level of user access
> to
> see (list/autocomplete) and execute commands via the (SSH) shell? For
> example, can certain commands be restricted to a configured set of user
> roles via the command's name or scope?
>
> Thanks, Robert
>
>
> --
> View this message in context:
> http://karaf.922171.n3.nabble.com/shell-commands-user-roles-tp3474148p3474148.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com