################################################################################ # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ################################################################################ # # This configuration file defines the ACLs for commands in the system subshell # # The format of this file is as follows: # The name of the file corresponds to a Configuration Admin PID. This file is for PID: # org.apache.karaf.command.acl.system # The prefix org.apache.karaf.command.acl. determines that this file defines ACLs for karaf # commands. The last word on the PID declares the scope that it applies to, i.e. this file # is for the 'system' scope. # Entries in this file map to commands within the defined scope. The simplest role definition # has the form: # command = role1, role2, role3 # Specific roles can also be declared for certain arguments to the command. This is done using # regular expression matching. # All the arguments to the command are represented as a list using the following syntax: # [arg1,arg2,arg3] # The matching is done after converting this list into a string. So the line # start-level[/.*[0-9][0-9][0-9]+.*/] = manager # declares that a manager role is needed to set a start level with 3 digits or more. The .* # wildcards at the beginning and end are used to match the '[' and ']' characters surrounding. # When looking for a match the regular-expression based ACLs are always checked first. If any # of them match the associated roles are used. # # If no match can be found based on reg-exp ACLs, a match is looked for based purely on the # command name. # # If no command-name match can be found it is assumed that the command does not need a specific # role and can therefore be invoked by any user. property = admin shutdown = admin start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100 start-level[/[^0-9]*/] = viewer # viewer can obtain the current start level start-level = admin # admin can set any start level, including < 100