I'm in big need of help and I will appreciate if you could help me.
I am trying to define an ACL so I can remotely execute a Lua script using Ubus over HTTP. I don't want to put a wild card but to give access only to a specific file.
"file": {
"lua script_path.lua": [ "exec" ]
}
The problem is that I want to pass command-line arguments to the script which are not known in advance, so I cannot define them in the ACL. I tried to do something like:
"file": {
"lua script_path.lua *": ["exec"]
}
However, it didn't work. and it's saying 'access to command denied by acl'.
Is there a way to give ACL access to a command with 2 strings as command-line arguments, whose values are not known in advance?
Using the wildcard should work. Make sure your ACL rules contain absolute paths anywhere as relative path locations are undefined when invoking remote scripts.
Furthermore, depending on if you want to use LuCI.fs.exec_direct() or LuCI.fs.exec(), you'll also need an ACL granting access to the corresponding procedure itself (cgi-io for exec_direct(), ubus/file for exec():