Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

full access for OpenELEC settings even for non-privileged users #64

Open
ghost opened this issue Apr 1, 2015 · 7 comments
Open

full access for OpenELEC settings even for non-privileged users #64

ghost opened this issue Apr 1, 2015 · 7 comments

Comments

@ghost
Copy link

ghost commented Apr 1, 2015

System: RaspberryPi, Kodi with OpenELEC version 5.0.4, Confluence theme.

A limited user account (LOCKED: programs & script windows, file manager, settings "all", add-on manager | UNlocked music windows, videos window, pictures window) has full access to Settings / OpenELEC / Services:

  • whole Samba Config including password in plaintext
  • whole SSH Config (as far as I know "root" and "openelec" with no possibility to change)

Would it be possible to allow OpenELEC menu only for master-users?
@stefansaraev
Copy link
Contributor

nope.

@ghost
Copy link
Author

ghost commented Apr 1, 2015

@stefansaraev:

Thanks for your answer. So it is a problem of Kodi user configuration system to provide access to OpenELEC settings even for user who are not master-user?

@stefansaraev
Copy link
Contributor

no. I say it's not going to be implemented in openelec (EDIT: by me or OE team), but as you have an rpi already, and it's nice educational device, you can start coding right now ;)

@ghost
Copy link
Author

ghost commented Apr 1, 2015

Well, if my post sounded like a demand I'm sorry - that was not my intention. Just wanted to say that there is maybe a security problem. Someone at Kodi-forum advised me to post it here.
I think bugtracing is a contribution as well (which doesn't mean that we speak about a bug here). If you say just "no" I'm fine and you can mark this "issue" solved. Who needs an explanation... ;)

@lsellens
Copy link

I know this is old but it was referenced in a suggested update on slack. I took a quick look to see how easily this could be accomplished. Honestly I think if you want to restrict any profile you should lock the programs and scripts section.
http://kodi.wiki/view/Profiles#The_profile_lock_preferences
as far as security problems are concerned openelec runs all of its addons as root which makes it not a very "secure" platform to begin with. Perhaps locking this section would hide some holes in a lower privileged profile for you. This would of course block launching any program addons. What you're suggesting isn’t impossible. I suppose we could check if "lock settings" is true on said profile and block access to the addon that way.
I'll make the change and pull request if the team would like me to. feedback?

@ghost
Copy link
Author

ghost commented Jan 21, 2016

Thanks alot Isellens for the profile lock manual and pushing this topic. The point I didn't understand the time I opened this thread was: Why there are user profiles with a right management (so not only for different personal settings) if you can not set up something like a guest account with very limited access (just youtube access for example) - but I didn't try again to set up limited accounts the last months. I only use my Kodi-RPi from time to time.
Important: I didn't want to complain about something. OpenELEC with Kodi provide the best entertainment system for free so there is nothing to complain about.

@michel3182
Copy link

screenshot_20180718-005339

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lsellens @stefansaraev @michel3182