cgi-io: use different acl scopes for path and command permissions

Use the `cgi-io` scope to check for permission to execute the requested command (`upload`, `backup`) and the `file` scope to check path permissions. The reasoning of this change is that `cgi-io` is usually used in conjunction with `rpcd-mod-file` to transfer large file data out of band and `rpcd-mod-file` already uses the `file` scope to manage file path access permissions. After this change, both `rpc-mod-file` and `cgi-io` can share the same path acl rules. Write access to a path can be granted by using an ubus call in the following form: ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/var/lib/uploads/*", "write" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2026-04-29 15:08:40 +01:00 · 2019-09-13 06:52:21 +02:00
parent a1057cea1f
commit c8a86c8c8e
2 changed files with 7 additions and 7 deletions
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=cgi-io
-PKG_RELEASE:=8
+PKG_RELEASE:=9

 PKG_LICENSE:=GPL-2.0-or-later

@@ -37,7 +37,7 @@ endef
 define Package/cgi-io/install
 	$(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
-	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload 
+	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
 	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
 endef