alpacon token acl command add

Define which server-side shell commands an API token is allowed to execute via exec or non-interactive websh. Use * as a wildcard to match any arguments.

alpacon token acl command add TOKEN [flags]

Options

  -c, --command string    Server-side shell command (supports * wildcard)
      --username string   Username restriction: "" = token owner only, "*" = any user
      --groupname string  Groupname restriction: "" = no restriction, "*" = any group
  -h, --help              help for add

Examples

Allow an exact command:

alpacon token acl command add my-api-token --command="whoami"

Allow a command with any arguments (wildcard):

alpacon token acl command add my-api-token --command="systemctl status *"

Restrict to a specific user running the command:

alpacon token acl command add my-api-token --command="docker *" --username=root

Allow any user and group:

alpacon token acl command add my-api-token --command="npm *" --username="*" --groupname="*"
Last updated: