modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json

   1 {
   2         "unauthenticated": {
   3                 "description": "Allow system feature probing",
   4                 "read": {
   5                         "ubus": {
   6                                 "luci": [ "getFeatures" ]
   7                         }
   8                 }
   9         },
  10
  11         "uci-access": {
  12                 "description": "Grant uci write access to all configurations",
  13                 "read": {
  14                         "uci": [ "*" ]
  15                 },
  16                 "write": {
  17                         "uci": [ "*" ]
  18                 }
  19         },
  20         "luci-access": {
  21                 "description": "Grant access to basic LuCI procedures",
  22                 "read": {
  23                         "cgi-io": [ "backup", "download" ],
  24                         "file": {
  25                                 "/": [ "list" ],
  26                                 "/*": [ "list" ],
  27                                 "/dev/mtdblock*": [ "read" ],
  28                                 "/etc/crontabs/root": [ "read" ],
  29                                 "/etc/dropbear/authorized_keys": [ "read" ],
  30                                 "/etc/filesystems": [ "read" ],
  31                                 "/etc/rc.local": [ "read" ],
  32                                 "/etc/sysupgrade.conf": [ "read" ],
  33                                 "/etc/passwd": [ "read" ],
  34                                 "/etc/group": [ "read" ],
  35                                 "/proc/filesystems": [ "read" ],
  36                                 "/proc/mtd": [ "read" ],
  37                                 "/proc/partitions": [ "read" ],
  38                                 "/proc/sys/kernel/hostname": [ "read" ],
  39                                 "/proc/mounts": [ "read" ]
  40                         },
  41                         "ubus": {
  42                                 "file": [ "list", "read", "stat" ],
  43                                 "iwinfo": [ "assoclist", "freqlist", "txpowerlist", "countrylist" ],
  44                                 "luci": [ "getBoardJSON", "getDUIDHints", "getHostHints", "getIfaddrs", "getInitList", "getLocaltime", "getTimezones", "getDHCPLeases", "getLEDs", "getNetworkDevices", "getUSBDevices", "getWirelessDevices", "getSwconfigFeatures", "getSwconfigPortState", "getBlockDevices", "getMountPoints" ],
  45                                 "network.device": [ "status" ],
  46                                 "network.interface": [ "dump" ],
  47                                 "network": [ "get_proto_handlers" ],
  48                                 "system": [ "validate_firmware_image" ],
  49                                 "uci": [ "changes", "get" ]
  50                         },
  51                         "uci": [ "*" ]
  52                 },
  53                 "write": {
  54                         "cgi-io": [ "upload" ],
  55                         "file": {
  56                                 "/etc/crontabs/root": [ "write" ],
  57                                 "/etc/dropbear/authorized_keys": [ "write" ],
  58                                 "/etc/luci-uploads/*": [ "write" ],
  59                                 "/etc/rc.local": [ "write" ],
  60                                 "/etc/sysupgrade.conf": [ "write" ],
  61                                 "/sbin/block": [ "exec" ],
  62                                 "/sbin/firstboot": [ "exec" ],
  63                                 "/sbin/reboot": [ "exec" ],
  64                                 "/sbin/sysupgrade": [ "exec" ],
  65                                 "/bin/tar": [ "exec" ],
  66                                 "/tmp/backup.tar.gz": [ "write" ],
  67                                 "/tmp/firmware.bin": [ "write" ]
  68                         },
  69                         "ubus": {
  70                                 "file": [ "write", "remove", "exec" ],
  71                                 "iwinfo": [ "scan" ],
  72                                 "luci": [ "setInitAction", "setLocaltime", "setPassword", "setBlockDetect", "setUmount", "setReboot" ],
  73                                 "uci": [ "add", "apply", "confirm", "delete", "order", "set", "rename" ]
  74                         },
  75                         "uci": [ "*" ]
  76                 }
  77         },
  78         "luci-app-firewall": {
  79                 "description": "Grant access to firewall procedures",
  80                 "read": {
  81                         "ubus": {
  82                                 "luci": [ "getConntrackHelpers" ]
  83                         },
  84                         "uci": [ "firewall" ]
  85                 },
  86                 "write": {
  87                         "uci": [ "firewall" ]
  88                 }
  89         }
  90 }