Posted to commits@karaf.apache.org by da...@apache.org on 2013/11/27 14:20:11 UTC

svn commit: r1546025 - in /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc: org.apache.karaf.command.acl.config.cfg org.apache.karaf.command.acl.shell.cfg org.apache.karaf.command.acl.system.cfg

Author: davidb
Date: Wed Nov 27 13:20:11 2013
New Revision: 1546025

URL: http://svn.apache.org/r1546025
Log:
Add inline comments explaining the command ACL config files.

Modified:
    karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
    karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg
    karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg

Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
URL: http://svn.apache.org/viewvc/karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg?rev=1546025&r1=1546024&r2=1546025&view=diff
==============================================================================
--- karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg (original)
+++ karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg Wed Nov 27 13:20:11 2013
@@ -1,6 +1,9 @@
 #
 # This configuration file defines the ACLs for various commands in the config subshell
 # 
+# For an explanation of the syntax of this file, see the file:
+#   org.apache.karaf.command.acl.system.cfg
+#
 
 cancel = manager
 delete = admin

Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg
URL: http://svn.apache.org/viewvc/karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg?rev=1546025&r1=1546024&r2=1546025&view=diff
==============================================================================
--- karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg (original)
+++ karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg Wed Nov 27 13:20:11 2013
@@ -1,6 +1,9 @@
 #
 # This configuration file defines the ACLs for commands in the shell subshell
 # 
+# For an explanation of the syntax of this file, see the file:
+#   org.apache.karaf.command.acl.system.cfg
+#
 # Important to note is that the shell:new and shell:java commands are very powerful
 # as they can invoke any Java class available. Therefore they are limited to the admin
 # role here.

Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg
URL: http://svn.apache.org/viewvc/karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg?rev=1546025&r1=1546024&r2=1546025&view=diff
==============================================================================
--- karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg (original)
+++ karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg Wed Nov 27 13:20:11 2013
@@ -1,9 +1,34 @@
 #
 # This configuration file defines the ACLs for commands in the system subshell
-# 
+#
+# The format of this file is as follows:
+# The name of the file corresponds to a Configuration Admin PID. This file is for PID:
+#    org.apache.karaf.command.acl.system
+# The prefix org.apache.karaf.command.acl. determines that this file defines ACLs for karaf
+# commands. The last word on the PID declares the scope that it applies to, i.e. this file
+# is for the 'system' scope.
+# Entries in this file map to commands within the defined scope. The simplest role definition
+# has the form:
+#   command = role1, role2, role3
+# Specific roles can also be declared for certain arguments to the command. This is done using
+# regular expression matching. 
+# All the arguments to the command are represented as a list using the following syntax:
+#   [arg1,arg2,arg3]
+# The matching is done after converting this list into a string. So the line
+#   start-level[/.*[0-9][0-9][0-9]+.*/] = manager
+# declares that a manager role is needed to set a start level with 3 digits or more. The .* 
+# wildcards at the beginning and end are used to match the '[' and ']' characters surrounding.
+# When looking for a match the regular-expression based ACLs are always checked first. If any
+# of them match the associated roles are used.
+#
+# If no match can be found based on reg-exp ACLs, a match is looked for based purely on the 
+# command name. 
+#
+# If no command-name match can be found it is assumed that the command does not need a specific 
+# role and can therefore be invoked by any user.
 
 property = admin
 shutdown = admin
 start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100
-start-level[/[^0-9]*/] = viewer              # manager can obtain the current start level
+start-level[/[^0-9]*/] = viewer               # viewer can obtain the current start level
 start-level = admin                           # admin can set any start level, including < 100
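Review bot: The inline comment on the first start-level entry says `manager can set startlevels above 100`, but the pattern `[0-9][0-9][0-9]+` matches any run of three or more digits, so 100 itself falls under manager. The match is also made on the stringified argument list rather than on a number, so a zero-padded value below 100 would presumably match as well; how the command parses its argument is not visible here. I would reword the comment to `# manager can set start levels of 100 and above` and, if the numeric boundary matters, require a non-zero leading digit: `start-level[/.*[1-9][0-9][0-9]+.*/] = manager`. The new header also documents that a command with no matching entry can be invoked by any user, so a line such as `# Commands not listed here are unrestricted; add an entry for every command that needs a role.` would keep that default-allow behaviour from being overlooked when commands are added to this scope.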