summaryrefslogtreecommitdiffstats
path: root/modules/luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json
blob: 954b76c5578d9a2e5da86a9575a137fc7144075c (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

{
	"luci-mod-network-config": {
		"description": "Grant access to network configuration",
		"read": {
			"cgi-io": [ "exec" ],
			"file": {
				"/etc/iproute2/rt_tables": [ "read" ],
				"/proc/sys/net/ipv6/conf/*/mtu": [ "read" ],
				"/proc/sys/net/ipv6/conf/*/hop_limit": [ "read" ],
				"/usr/libexec/luci-peeraddr": [ "exec" ],
				"/proc/sys/net/ipv[46]/conf/*": [ "read" ],
				"/sys/class/net/*/brport/*": [ "read" ]
			},
			"ubus": {
				"file": [ "exec" ],
				"iwinfo": [ "assoclist", "countrylist", "freqlist", "txpowerlist" ],
				"luci": [ "getSwconfigFeatures", "getSwconfigPortState" ]
			},
			"uci": [ "dhcp", "firewall", "network", "wireless", "system" ]
		},
		"write": {
			"cgi-io": [ "exec" ],
			"file": {
				"/sbin/ifup": [ "exec" ],
				"/sbin/ifdown": [ "exec" ],
				"/sbin/wifi": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ],
				"hostapd.*": [ "del_client" ],
				"iwinfo": [ "scan" ]
			},
			"uci": [ "dhcp", "firewall", "network", "wireless" ]
		}
	},

	"luci-mod-network-dns": {
		"description": "Grant access to DNS configuration",
		"read": {
			"ubus": {
				"luci-rpc": [ "getHostHints" ]
			},
			"uci": [ "dhcp" ]
		},
		"write": {
			"uci": [ "dhcp" ]
		}
	},

	"luci-mod-network-dhcp": {
		"description": "Grant access to DHCP configuration",
		"read": {
			"ubus": {
				"luci-rpc": [ "getDHCPLeases", "getDUIDHints", "getHostHints", "getNetworkDevices" ],
				"fingerprint": [ "fingerprint" ],
				"service": [ "list" ]
			},
			"uci": [ "dhcp" ]
		},
		"write": {
			"uci": [ "dhcp" ]
		}
	},

	"luci-mod-network-diagnostics": {
		"description": "Grant access to network diagnostic tools",
		"read": {
			"file": {
				"/bin/ping": [ "exec" ],
				"/bin/ping6": [ "exec", "list" ],
				"/bin/traceroute": [ "exec" ],
				"/bin/traceroute6": [ "exec", "list" ],
				"/usr/bin/nslookup": [ "exec" ],
				"/usr/bin/ping": [ "exec" ],
				"/usr/bin/ping6": [ "exec", "list" ],
				"/usr/bin/traceroute": [ "exec" ],
				"/usr/bin/traceroute6": [ "exec", "list" ],
				"/usr/bin/arp-scan": [ "exec", "list" ]
			},
			"ubus": {
				"file": [ "exec", "stat" ]
			},
			"uci": [ "luci" ]
		}
	}
}
generated by cgit v1.2.3 (git 2.46.0) at 2026-03-06 15:46:33 +0000