Security limitations in 2.5.2 exec binding

Is it possible to use wildcards in the Whitelist as i use about 150 different “executeCommandLine” Calls in my rules and it would be a pain to Whitelist every one of it. I already use a firewall to restrict access to the API.

UPDATE: all my “executeCommandLine” Calls in my rules are working (apparently).

1 Like

Where must I place the exec.whitelist file?
Could you please provide the correct path (for openhabian)?

Thanks a lot!

It’s in the docs

For security reasons all commands need to be whitelisted. Allowed commands need to be added to the misc/exec.whitelist file in the configuration directory. Every command needs to be on a separate line.

1 Like

OK, thanks. I don’t have this directory…
Is it created after the upgrade?

Corrected my post, there was a superfluent /conf.

You can see folder Layout here

Thank you. The file is created after update or do I have to create it manually?

1 Like

You have to create it manually


I have this in one of my rules:

var String powerStateEnigmaLong = executeCommandLine("curl -s http://" + enigma_ip + "/web/powerstate", 5000)

Is this the same like exec-binding? Do i have to write this in my whitelist too?

1 Like

It doesn’t look like it here. I have many executeCommandLine() too, and they are still working after the update.

It’s worth noting that if you use exec binding and configure it via PaperUI, you still need to create the whitelist.

I grabbed my commands in one go using:

grep 'command":' /var/lib/openhab2/jsondb/org.eclipse.smarthome.core.thing.Thing.json

then copy/pasted into the whitelist.

Edit: for anyone stumbling on this, there is a far better way of extracting the commands and writing them to the file here


OK, i created the folder misc and created the exec.whitelist file, filled it with the one anly only command, set all the permissions, cleaned the cache restarted openHAB2 and:

2020-02-20 13:43:21.470 [WARN ] [ng.exec.internal.handler.ExecHandler] - Tried to execute '/etc/openhab2/scripts/ >/dev/null 2>&1', but it is not contained in whitelist.

Any ideas?

1 Like

Same for me…

1 Like

I had a little trouble as well getting this to work after upgrading to version 2.5.2. My experience has been, that you have to copy the command from the things parameters to the whitelist and not the resulting command after parameter expansion. I first had:

/usr/local/bin/ps4-waker check

in the whitelist which did not work, because this got expanded from the things parameter where i entered:

/usr/local/bin/ps4-waker %2$s

When i added this to /etc/openhab2/misc/exec.whitelist all warnings and errors disappeared…

kind regards,


Same error. A couple of reboots fixed it for me. Also, I removed a # comment so there is nothing else in the list

edit… Looking at the logs it shows just after restart the ’ not contained in the white list ’ error but immediately followed by the result of the command. So it did run despite the log message

My things file:

Thing exec:command:uptime [command="/etc/openhab2/scripts/", interval=60, timeout=2]

My exec.whitelist


So what is the right command?

It is how I have it.

Mine seems to be running now I just left it alone but I did the see the error as it booted back up.

It looks like the line end of the exec.whitelist file must be CRLF. LF did not work on my openhabian installation.


Notepad++ shows… LF for me, with LF on empty line below too

Same here for the exec transformation.
After converting the misc/exec.whitelist from LF to CRLF, the entered lines are recognized.

1 Like

Seems that the CRLF did the trick