Instead of relying on the connect-before-setuid hack, ship a proper
acl definition file whitelisting the procedures that LuCI requires
on its non-root pages.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
end
if track.setuser then
end
if track.setuser then
- -- trigger ubus connection before dropping root privs
- util.ubus()
-
sys.process.setuser(track.setuser)
end
sys.process.setuser(track.setuser)
end
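Review bot: the result of `sys.process.setuser(track.setuser)` is not checked in the visible lines, and with the `util.ubus()` pre-connect removed, the privilege drop together with the new ACL file becomes the whole ubus access boundary for non-root pages. If the call can fail, the request would carry on as root, so consider checking its result and aborting the request on failure. A one-line comment here pointing at the ACL definition file would also help, since the removed comment was the only hint that ubus access depends on this spot.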
--- /dev/null
+{
+ "user": "nobody",
+ "access": {
+ "system": {
+ "methods": [ "board", "info" ]
+ }
+ }
+}
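Review bot: `"user": "nobody"` is hard-coded in this file, while the dispatcher drops to whatever `track.setuser` names, so a page that sets any other user is not covered by this ACL and its ubus calls would be refused now that the pre-connect is gone. Either document that `setuser` pages must use `nobody`, or ship an entry for each user the dispatcher is expected to switch to. The method list `[ "board", "info" ]` on `system` is appropriately narrow; later additions should stay explicit lists rather than wildcards.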