Hi Max, Sorry, for some reason, your messages went in my spam folder.
Yes, you have all the details about ACL usage in the documentation. You can also take a look on the ACL config (in etc) for the existing commands. Regards JB > Le 15 août 2020 à 20:30, Max Spring <[email protected]> a écrit : > > To answer my own question: The Karaf Security page [1] seems to give all > details necessary to expose specific console commands via ACLs to particular > users. > -Max > > [1] https://karaf.apache.org/manual/latest/security > > > On 8/12/20 9:54 AM, Max Spring wrote: >> More context: >> I already have an additional sshd service in my container handling the more >> interactive exchange of binaries (think of something similar to rsync over >> ssh). >> My initial impulse was to add more ssh commands to this service, but quickly >> realized that the "regular" Karaf console would be a better starting point, >> because some of the functionality I want to expose to this limited user >> audience I already have implemented as Karaf commands. >> Now, if neither the visibility restriction, nor the additional Karaf console >> works out, I guess I have to use my other sshd service, then somehow >> invoking my existing Karaf commands from there. >> -Max >> On 8/10/20 5:45 PM, Max Spring wrote: >>> I want to expose a specific set of Karaf console commands (via ssh) to >>> a particular group of users. They should not see (or be able to run) >>> any other Karaf console command. These Karaf commands already exist on >>> the "regular" Karaf console (on port 8101). >>> >>> Can I >>> >>> (a) restrict the visibility of Karaf commands? >>> >>> and/or >>> >>> (b) run an additional console (on a different port) and have Karaf >>> commands show up here *in addition* to showing up on the "regular" >>> console? >>> >>> Thanks for your guidance. >>> -Max
