I can confirm this behavior: only changes to the exec.whitelist file makes it realized by openhab. No matter if you change characters or file permission settings.
My openhab : 2.5.2 running on openhabian/raspi/stretch
I guess we will have to live with that bug until 2.5.3
Only if you’re not bright enough to install the fix that already exists.
Thanks for kindness.
There may be more not bright enough like me.
I will live with it.
2 Likes
I’m definitely not bright enough, indeed.
Also - where do I find the 2.5.1 jar? That was my main question.
I found the newest version here:
https://openhab.jfrog.io/openhab/webapp/#/builds/PR-openHAB2-Addons/17461/1582472126712/published%20/org.openhab.addons.bundles:org.openhab.binding.exec:2.5.3-SNAPSHOT
first, I removed the existing binding via Paper-UI and then moved that jar file to the conf/addons folder in openhab… I waited 1 min… then it worked
1 Like
Thanks @papaPhiL, this did the trick for me. 
For others: lookup the correct location of the “conf/addons” folder in the documentation:
see “Additional add-on files” in https://www.openhab.org/docs/installation/linux.html
Whats with the misc directory? are we just inventing random configuration directories now? Where is this supposed to go? I’ve seen people mention /home/openhab2/conf (which I don’t have), /etc/openhab2 but there is no misc directory.
Are we supposed to just “know” where this non existent directory is intended to be?
There should be an option to disable this check in a config file (like addons.cfg, or runtime.cfg), or a reasonable alternative (like wildcards) until a workable solution can be implemented.
It does feel odd. Typically this whitelist sounds like the sort of thing that should go in /services/. Maybe the idea is that you can more easily lock down write access to a “special” directory.
So where does this file go? I’m also getting no log entries at all, the exec command just don’t work anymore.
OK I got this log entry:
26-Feb-2020 12:16:04.496 [DEBUG] [ab.binding.exec.internal.ExecWhitelistWatchService] - Updated command whitelist:
But that’s it, nothing when I actually try to trigger a command. log level is set to DEBUG. I’ve updated to the 2.5.3 SNAPSHOT build, but still nothing.
I’m assuming this means i have the exec.whitelist file in the right place /etc/openhab2/misc.
Honestly, I understand security concerns, but when the security prevents you from actually doing anything, well there is no point in having an exec binding in the first place.
Finally went back to 2.5.1 binding, and all works again, including logging.
Seriously WTF?
1 Like
This is strange to me. I have several “executeCommandLine” rules and they all still run flawlessly, no mention of whitelist errors in the logs.
Which OH version are you running?
2.5.2
Yes. The whitelist is about binding Things.
1 Like
Cool, the ‘exec:command:’ lines I had in Things are now in cron jobs.
Came here after I was experiencing issues. My issue was the fact that I had created the file and put it in the correct location but openhab did not own the file.
In case anyone else finds this useful. Using terminal/putty the method I ended up with that works was as follows:
#create directory
sudo mkdir /etc/openhab2/misc/
#create the file and add my commands (1 per line)
echo "/usr/bin/sudo /sbin/shutdown -h now
/usr/bin/sudo /sbin/reboot" | sudo tee /etc/openhab2/misc/exec.whitelist
#make openhab the owner of the directory and files within
sudo chown -hR openhab:openhab /etc/openhab2/misc/
Hi all,
I’m running OpenHAB 2 on CentOS 7. I updated OpenHAB to version 2.5.2 yesterday and ran into the same problem.
As stated above, I had to create both the directory /etc/openhab2/misc and the file exec.whitelist wiht my commands.
At first it did not work, but I read about the line endings in this thread. I had to convert the file to DOS format to be able to use it.
You can use the tool “unix2dos” from the dos2unix package to do that.
unix2dos /etc/openhab2/misc/exec.whitelist
Hope this helps someone.
My question is: does anybody know how to use wildcards in this file? I run a script with multiple IP addresses as parameter, currently I had to add a line for every IP address, like this
/path/script 1.1.1.1
/path/script 2.2.2.2
This does not work:
/path/script *
Also not working with a regex:
/path/script.*
Anybody?
Regards,
Christian
I don’t see that anyone else has contributed one, I wrote a one-line perl command to generate the exec.whitelist file from things/*.things . I have this script in my misc directory (both my dev and server are linux):
perl -ne 'print "$1\n" if /command=\"([^"]+)\"/' ../things/*.things >exec.whitelist
This is inteded to be run from /etc/openhab2/misc itself. I put it in a shell script so I can run it easily after making modifications. In that case, I copied the file that came with the distribution (that had the commend headers) and I run the attached.
do.sh.txt (272 Bytes)
2 Likes
Im not bright enough either - can someone point me to a reference on how to get a jar file from jfrog?
I think you can get the jar file for all of the 2.5.1 addons here.
You should be able to extract the exec binding jar from that.