To answer my own question: The Karaf Security page [1] seems to give all
details necessary to expose specific console commands via ACLs to particular
users.
-Max
[1] https://karaf.apache.org/manual/latest/security
On 8/12/20 9:54 AM, Max Spring wrote:
More context:
I already have an additional sshd service in my container handling the more
interactive exchange of binaries (think of something similar to rsync over ssh).
My initial impulse was to add more ssh commands to this service, but quickly realized
that the "regular" Karaf console would be a better starting point,
because some of the functionality I want to expose to this limited user
audience I already have implemented as Karaf commands.
Now, if neither the visibility restriction, nor the additional Karaf console
works out, I guess I have to use my other sshd service, then somehow invoking
my existing Karaf commands from there.
-Max
On 8/10/20 5:45 PM, Max Spring wrote:
I want to expose a specific set of Karaf console commands (via ssh) to
a particular group of users. They should not see (or be able to run)
any other Karaf console command. These Karaf commands already exist on
the "regular" Karaf console (on port 8101).
Can I
(a) restrict the visibility of Karaf commands?
and/or
(b) run an additional console (on a different port) and have Karaf
commands show up here *in addition* to showing up on the "regular"
console?
Thanks for your guidance.
-Max
