[LEDE-DEV] Create a ubus object with a non-root account
Luis Araneda
luaraneda at gmail.com
Tue May 16 22:17:03 PDT 2017
Hi,
I'm trying to create a ubus object using a non-root account.
I've created an ACL file and put it inside the folder "/usr/share/acl.d":

    {
        "user": "ubususer1",
        "access": {
            "system": {
                "methods": [ "board", "info" ]
            },
            "testobj": {
                "methods": [ "say_hello", "add", "reply" ]
            },
            "service": {
                "methods": [ "list" ]
            }
        }
    }

With the ACL file, the non-root account can access the methods just fine.
When I try to execute the program using the non-root account,
it fails when calling ubus_add_object(). This is the output of
"ubus monitor":
root@LEDE:~# ubus monitor
-> 1af1ba4b #00000003 status: {"status":0}
-> 0973710c #0973710c hello: {}
<- 0973710c #00000000 add_object: {"objpath":"testobj",
"signature":{"say_hello":{},
"reply":{"msg":3},
"add":{"a":5,"b":5}}}
-> 0973710c #00000000 status: {"status":2}
<- 0973710c #00000000 add_object: {}
-> 0973710c #00000000 data: {"objid":1402562455}
-> 0973710c #00000000 status: {"status":0}
But when I try to execute the program as root, it executes correctly,
giving this output on "ubus monitor":
root@LEDE:~# ubus monitor
-> 83090aba #00000003 status: {"status":0}
-> 1a8c6bf2 #1a8c6bf2 hello: {}
<- 1a8c6bf2 #00000000 add_object: {"objpath":"testobj",
"signature":{"say_hello":{},
"reply":{"msg":3},
"add":{"a":5,"b":5}}}
-> 9dc9e08c #00000000 invoke: {"objid":-723209694,
"method":"ubus.object.add",
"data":{"id":-235541040,"path":"testobj"}}
-> 4bb7a57d #00000000 invoke: {"objid":-1940255602,
"method":"ubus.object.add",
"data":{"id":-235541040,"path":"testobj"}}
-> 1a8c6bf2 #00000000 data: {"objid":-235541040,"objtype":1777611453}
-> 1a8c6bf2 #00000000 status: {"status":0}
<- 9dc9e08c #00000000 status: {"status":0,"objid":-723209694}
<- 4bb7a57d #00000000 status: {"status":0,"objid":-1940255602}
<- 1a8c6bf2 #00000000 add_object: {}
-> 1a8c6bf2 #00000000 data: {"objid":752170120}
-> 1a8c6bf2 #00000000 status: {"status":0}
I've done some research, and I've found
https://lists.openwrt.org/pipermail/openwrt-devel/2015-September/035514.html
and I think the call to ubusd_acl_check() shouldn't generate an error in
my case because I have an ACL file (assuming it is properly written).
- Am I doing something wrong in the ACL file?
- Is the root user the only one allowed to add an object to the bus?
- Am I missing something?
Thanks in advance,
Luis Araneda.
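
Added example, not part of the original message and not ubus source code: ubusd ACL files keep the right to call methods ("access") separate from the right to register an object path ("publish"), and the ACL quoted above contains only the former. The sketch below is a simplified model of that decision (exact names only, root modelled as always allowed); the function names and the FIXED_ACL variant are assumptions of this example.

```python
import json

# Constructed copy of the ACL quoted in the message above.
ORIGINAL_ACL = json.loads("""
{
  "user": "ubususer1",
  "access": {
    "system":  { "methods": [ "board", "info" ] },
    "testobj": { "methods": [ "say_hello", "add", "reply" ] },
    "service": { "methods": [ "list" ] }
  }
}
""")

# Least-privilege variant (assumption of this example): same method grants,
# plus permission to register only the one path the program owns.
FIXED_ACL = dict(ORIGINAL_ACL, publish=["testobj"])


def acl_allows(acl, user, obj, kind, method=None):
    """Simplified model of a ubusd ACL decision (exact names only).

    kind is "access" (invoke `method` on `obj`) or "publish"
    (register `obj` on the bus, i.e. what ubus_add_object() requests).
    """
    if user == "root":
        return True  # ubusd does not apply ACL checks to uid 0
    if acl.get("user") != user:
        return False
    if kind == "access":
        return method in acl.get("access", {}).get(obj, {}).get("methods", [])
    if kind == "publish":
        return obj in acl.get("publish", [])
    return False


def report(acl, user="ubususer1", obj="testobj"):
    """Return (can_call_add, can_register) for the user and object."""
    return (acl_allows(acl, user, obj, "access", "add"),
            acl_allows(acl, user, obj, "publish"))


if __name__ == "__main__":
    print("original ACL:", report(ORIGINAL_ACL))
    print("with publish:", report(FIXED_ACL))
```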