modules/luci-mod-system/root/usr/share/rpcd/acl.d/luci-mod-system.json

   1 {
   2         "luci-mod-system-config": {
   3                 "description": "Grant access to system configuration",
   4                 "read": {
   5                         "ubus": {
   6                                 "luci": [ "getInitList", "getLEDs", "getLocaltime", "getTimezones", "getUSBDevices" ]
   7                         },
   8                         "uci": [ "luci", "system" ]
   9                 },
  10                 "write": {
  11                         "ubus": {
  12                                 "luci": [ "setInitAction", "setLocaltime", "setPassword" ]
  13                         },
  14                         "uci": [ "luci", "system" ]
  15                 }
  16         },
  17
  18         "luci-mod-system-ssh": {
  19                 "description": "Grant access to SSH configuration",
  20                 "read": {
  21                         "file": {
  22                                 "/etc/dropbear/authorized_keys": [ "read" ]
  23                         },
  24                         "ubus": {
  25                                 "file": [ "read" ]
  26                         },
  27                         "uci": [ "dropbear" ]
  28                 },
  29                 "write": {
  30                         "file": {
  31                                 "/etc/dropbear/authorized_keys": [ "write" ]
  32                         },
  33                         "ubus": {
  34                                 "file": [ "write" ],
  35                                 "luci": [ "setInitAction", "setLocaltime" ]
  36                         },
  37                         "uci": [ "system" ]
  38                 }
  39         },
  40
  41         "luci-mod-system-init": {
  42                 "description": "Grant access to startup configuration",
  43                 "read": {
  44                         "file": {
  45                                 "/etc/rc.local": [ "read" ]
  46                         },
  47                         "ubus": {
  48                                 "file": [ "read" ],
  49                                 "luci": [ "getInitList" ]
  50                         }
  51                 },
  52                 "write": {
  53                         "file": {
  54                                 "/etc/rc.local": [ "write" ]
  55                         },
  56                         "ubus": {
  57                                 "file": [ "write" ],
  58                                 "luci": [ "setInitAction" ]
  59                         }
  60                 }
  61         },
  62
  63         "luci-mod-system-cron": {
  64                 "description": "Grant access to crontab configuration",
  65                 "read": {
  66                         "file": {
  67                                 "/etc/crontabs/root": [ "read" ]
  68                         },
  69                         "ubus": {
  70                                 "file": [ "read" ]
  71                         }
  72                 },
  73                 "write": {
  74                         "file": {
  75                                 "/etc/crontabs/root": [ "write" ]
  76                         },
  77                         "ubus": {
  78                                 "file": [ "write" ]
  79                         }
  80                 }
  81         },
  82
  83         "luci-mod-system-mounts": {
  84                 "description": "Grant access to mount configuration",
  85                 "read": {
  86                         "file": {
  87                                 "/etc/filesystems": [ "read" ],
  88                                 "/proc/filesystems": [ "read" ],
  89                                 "/usr/bin/btrfsck": [ "list" ],
  90                                 "/usr/bin/ntfsfix": [ "list" ],
  91                                 "/usr/sbin/e2fsck": [ "list" ],
  92                                 "/usr/sbin/fsck.f2fs": [ "list" ],
  93                                 "/usr/sbin/fsck.fat": [ "list" ]
  94                         },
  95                         "ubus": {
  96                                 "file": [ "read", "stat" ],
  97                                 "luci": [ "getBlockDevices", "getMountPoints" ]
  98                         },
  99                         "uci": [ "fstab" ]
 100                 },
 101                 "write": {
 102                         "file": {
 103                                 "/etc/crontabs/root": [ "write" ],
 104                                 "/bin/umount": [ "exec" ],
 105                                 "/sbin/block": [ "exec" ]
 106                         },
 107                         "ubus": {
 108                                 "file": [ "exec", "write" ],
 109                                 "luci": [ "setBlockDetect" ]
 110                         },
 111                         "uci": [ "fstab" ]
 112                 }
 113         },
 114
 115         "luci-mod-system-flash": {
 116                 "description": "Grant access to flash operations",
 117                 "read": {
 118                         "cgi-io": [ "backup", "download" ],
 119                         "file": {
 120                                 "/dev/mtdblock[0-9]*": [ "read" ],
 121                                 "/etc/sysupgrade.conf": [ "read" ],
 122                                 "/lib/upgrade/platform.sh": [ "list" ],
 123                                 "/proc/mounts": [ "read" ],
 124                                 "/proc/mtd": [ "read" ],
 125                                 "/proc/partitions": [ "read" ],
 126                                 "/proc/sys/kernel/hostname": [ "read" ],
 127                                 "/sbin/sysupgrade --list-backup": [ "exec" ]
 128                         },
 129                         "ubus": {
 130                                 "file": [ "exec", "read", "stat" ]
 131                         }
 132                 },
 133                 "write": {
 134                         "cgi-io": [ "upload" ],
 135                         "file": {
 136                                 "/bin/tar -tzf /tmp/backup.tar.gz": [ "exec" ],
 137                                 "/etc/sysupgrade.conf": [ "write" ],
 138                                 "/sbin/firstboot -r -y": [ "exec" ],
 139                                 "/sbin/reboot": [ "exec" ],
 140                                 "/sbin/sysupgrade --force /tmp/firmware.bin": [ "exec" ],
 141                                 "/sbin/sysupgrade -n --force /tmp/firmware.bin": [ "exec" ],
 142                                 "/sbin/sysupgrade -n /tmp/firmware.bin": [ "exec" ],
 143                                 "/sbin/sysupgrade --restore-backup /tmp/backup.tar.gz": [ "exec" ],
 144                                 "/sbin/sysupgrade --test /tmp/firmware.bin": [ "exec" ],
 145                                 "/sbin/sysupgrade /tmp/firmware.bin": [ "exec" ],
 146                                 "/tmp/backup.tar.gz": [ "write" ],
 147                                 "/tmp/firmware.bin": [ "write" ]
 148                         },
 149                         "ubus": {
 150                                 "file": [ "exec", "remove", "write" ],
 151                                 "system": [ "validate_firmware_image" ]
 152                         }
 153                 }
 154         },
 155
 156         "luci-mod-system-reboot": {
 157                 "description": "Allow rebooting the device",
 158                 "write": {
 159                         "file": {
 160                                 "/sbin/reboot": [ "exec" ]
 161                         },
 162                         "ubus": {
 163                                 "file": [ "exec" ]
 164                         }
 165                 }
 166         }
 167 }