alpacon token acl command

Manage command ACL rules for an API token. Configure which server-side shell commands the token is allowed to execute via alpacon exec or non-interactive alpacon websh SERVER "command".

Deny-by-default: if no command ACL exists for a token, all remote command execution is denied.

alpacon token acl command [flags]
alpacon token acl command [command]

Options

  -h, --help   help for command

Wildcard patterns

Use * as a wildcard to match any arguments:

ACL rule	Matches	Does not match
`whoami`	`whoami` (exact)	`whoami --help`
`echo *`	`echo "hello"`, `echo foo bar`	—
`systemctl status *`	`systemctl status nginx`, `systemctl status app`	`systemctl restart nginx`
`docker compose *`	`docker compose up -d`, `docker compose ps`	`docker run nginx`

Examples

# Exact match
alpacon token acl command add my-api-token --command="whoami"
 
# Wildcard
alpacon token acl command add my-api-token --command="systemctl status *"
 
# List all command ACLs
alpacon token acl command ls my-api-token

add

Add a command ACL rule to a token

List command ACL rules for a token

delete

Delete a command ACL rule by ID

alpacon token acl command

Options

Wildcard patterns

Examples

Related commands