Hi, I finally had the time to dig into the source code of the ubus daemon and find the answer. I left it here in case anyone has the same question.
The keyword "publish" can be used in a ubus ACL file to allow a non-root user to create an object. I found the keyword in the "ubusd_acl.c" file from the ubus repository.

The corrected ACL file, for my example, is:

    {
      "user": "ubususer1",
      "access": {
        "system": {
          "methods": [ "board", "info" ]
        },
        "service": {
          "methods": [ "list" ]
        }
      },
      "publish": [ "testobj" ]
    }

Cheers,

Luis Araneda.

On Wed, May 17, 2017 at 1:17 AM, Luis Araneda <luaran...@gmail.com> wrote:
> Hi,
>
> I'm trying to create a ubus object using a non-root account.
>
> I've created an ACL file and put it inside the folder "/usr/share/acl.d"
>
> {
>   "user": "ubususer1",
>   "access": {
>     "system": {
>       "methods": [ "board", "info" ]
>     },
>     "testobj": {
>       "methods": [ "say_hello", "add", "reply" ]
>     },
>     "service": {
>       "methods": [ "list" ]
>     }
>   }
> }
>
> With the ACL file, the non-root account can access the methods just fine.
>
> When I try to execute the program using the non-root account,
> it fails when calling ubus_add_object(). This is the output of
> "ubus monitor":
>
> root@LEDE:~# ubus monitor
> -> 1af1ba4b #00000003 status: {"status":0}
> -> 0973710c #0973710c hello: {}
> <- 0973710c #00000000 add_object: {"objpath":"testobj",
>        "signature":{"say_hello":{},
>        "reply":{"msg":3},
>        "add":{"a":5,"b":5}}}
> -> 0973710c #00000000 status: {"status":2}
> <- 0973710c #00000000 add_object: {}
> -> 0973710c #00000000 data: {"objid":1402562455}
> -> 0973710c #00000000 status: {"status":0}
>
> But, when I try to execute the program as root, it executes correctly,
> giving this output on "ubus monitor":
>
> root@LEDE:~# ubus monitor
> -> 83090aba #00000003 status: {"status":0}
> -> 1a8c6bf2 #1a8c6bf2 hello: {}
> <- 1a8c6bf2 #00000000 add_object: {"objpath":"testobj",
>        "signature":{"say_hello":{},
>        "reply":{"msg":3},
>        "add":{"a":5,"b":5}}}
> -> 9dc9e08c #00000000 invoke: {"objid":-723209694,
>        "method":"ubus.object.add",
>        "data":{"id":-235541040,"path":"testobj"}}
> -> 4bb7a57d #00000000 invoke: {"objid":-1940255602,
>        "method":"ubus.object.add",
>        "data":{"id":-235541040,"path":"testobj"}}
> -> 1a8c6bf2 #00000000 data:
>        {"objid":-235541040,"objtype":1777611453}
> -> 1a8c6bf2 #00000000 status: {"status":0}
> <- 9dc9e08c #00000000 status: {"status":0,"objid":-723209694}
> <- 4bb7a57d #00000000 status: {"status":0,"objid":-1940255602}
> <- 1a8c6bf2 #00000000 add_object: {}
> -> 1a8c6bf2 #00000000 data: {"objid":752170120}
> -> 1a8c6bf2 #00000000 status: {"status":0}
>
> I've done some research, and I've found
> https://lists.openwrt.org/pipermail/openwrt-devel/2015-September/035514.html
> and I think the call to ubusd_acl_check() shouldn't generate an error in
> my case because I have an ACL file (assuming it is properly written)
>
> - Am I doing something wrong in the ACL file?
> - Is the root user the only one allowed to add an object to the bus?
> - Am I missing something?
>
> Thanks in advance,
>
> Luis Araneda.
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
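Added example, not part of the original post and not code from ubus: a simplified Python model of the two ACL files quoted in this thread, showing that method access under "access" does not grant the right to register an object, and listing which object names each user may publish so the grants can be reviewed. It assumes exact name matching and only the "user", "access", "methods" and "publish" keys shown above; the function names are hypothetical and ubusd's own matching rules are not modelled.

```python
import json

# Constructed copies of the two ACL files quoted in this thread.
ORIGINAL_ACL = json.loads("""
{ "user": "ubususer1",
  "access": {
    "system":  { "methods": [ "board", "info" ] },
    "testobj": { "methods": [ "say_hello", "add", "reply" ] },
    "service": { "methods": [ "list" ] } } }
""")
CORRECTED_ACL = json.loads("""
{ "user": "ubususer1",
  "access": {
    "system":  { "methods": [ "board", "info" ] },
    "service": { "methods": [ "list" ] } },
  "publish": [ "testobj" ] }
""")

def can_publish(acls, user, objpath):
    """True if some ACL for `user` lists `objpath` under "publish"."""
    return any(a.get("user") == user and objpath in a.get("publish", [])
               for a in acls)

def can_call(acls, user, objpath, method):
    """True if some ACL for `user` lists `method` under access.<objpath>.methods."""
    return any(a.get("user") == user and
               method in a.get("access", {}).get(objpath, {}).get("methods", [])
               for a in acls)

def access_without_publish(acls):
    """(user, object) pairs with method access but no publish right.

    Expected for objects owned by another process (system, service);
    for an object the user's own program registers, it is the gap
    described in this thread.
    """
    return sorted({(a["user"], obj)
                   for a in acls if "user" in a
                   for obj in a.get("access", {})
                   if not can_publish(acls, a["user"], obj)})

def publish_grants(acls):
    """Map each user to the object names it may register, for review."""
    grants = {}
    for a in acls:
        if "user" in a and a.get("publish"):
            grants.setdefault(a["user"], set()).update(a["publish"])
    return {u: sorted(names) for u, names in grants.items()}
```

In this model the corrected file lets ubususer1 register "testobj" but no longer lists any of its methods under "access", which is worth checking when the same account also needs to call the object.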