Security limitations in 2.5.2 exec binding

Is it possible to use wildcards in the whitelist, as I use about 150 different “executeCommandLine” calls in my rules and it would be a pain to whitelist every one of them? I already use a firewall to restrict access to the API.

UPDATE: all my “executeCommandLine” Calls in my rules are working (apparently).

Where must I place the exec.whitelist file?
Could you please provide the correct path (for openhabian)?

Thanks a lot!

It’s in the docs

For security reasons all commands need to be whitelisted. Allowed commands need to be added to the misc/exec.whitelist file in the configuration directory. Every command needs to be on a separate line.

/etc/openhab2/misc/exec.whitelist

OK, thanks. I don’t have this directory…
Is it created after the upgrade?

Corrected my post, there was a superfluous /conf.

You can see the folder layout here

Thank you. The file is created after update or do I have to create it manually?

You have to create it manually

Thanks

I have this in one of my rules:

var String powerStateEnigmaLong = executeCommandLine("curl -s http://" + enigma_ip + "/web/powerstate", 5000)

Is this the same as exec-binding? Do I have to write this in my whitelist too?

It doesn’t look like it here. I have many executeCommandLine() too, and they are still working after the update.

It’s worth noting that if you use exec binding and configure it via PaperUI, you still need to create the whitelist.

I grabbed my commands in one go using:

grep 'command":' /var/lib/openhab2/jsondb/org.eclipse.smarthome.core.thing.Thing.json

then copy/pasted into the whitelist.

Edit: for anyone stumbling on this, there is a far better way of extracting the commands and writing them to the file here

OK, I created the folder misc and created the exec.whitelist file, filled it with the one and only command, set all the permissions, cleaned the cache, restarted openHAB2 and:

2020-02-20 13:43:21.470 [WARN ] [ng.exec.internal.handler.ExecHandler] - Tried to execute '/etc/openhab2/scripts/internetspeedcheck.sh >/dev/null 2>&1', but it is not contained in whitelist.

Any ideas?

Same for me…

I had a little trouble as well getting this to work after upgrading to version 2.5.2. My experience has been that you have to copy the command from the Thing's parameters to the whitelist and not the resulting command after parameter expansion. I first had:

/usr/local/bin/ps4-waker check

in the whitelist, which did not work, because this got expanded from the Thing's parameter where I entered:

/usr/local/bin/ps4-waker %2$s

When I added this to /etc/openhab2/misc/exec.whitelist all warnings and errors disappeared…

Kind regards,

Christoph

Same error. A couple of reboots fixed it for me. Also, I removed a # comment so there is nothing else in the list.

Edit: Looking at the logs, just after restart it shows the 'not contained in the white list' error, but immediately followed by the result of the command. So it did run despite the log message.

My things file:

Thing exec:command:uptime [command="/etc/openhab2/scripts/uptime.sh", interval=60, timeout=2]

My exec.whitelist

/etc/openhab2/scripts/uptime.sh

So what is the right command?

It is how I have it.

Mine seems to be running now. I just left it alone, but I did see the error as it booted back up.

It looks like the line endings of the exec.whitelist file must be CRLF. LF did not work on my openhabian installation.

Notepad++ shows… LF for me, with LF on empty line below too

Same here for the exec transformation.
After converting the misc/exec.whitelist from LF to CRLF, the entered lines are recognized.

Seems that the CRLF did the trick
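
An added example, not part of the thread or of openHAB's own code: a small Python audit that compares the command parameter of each exec Thing in a .things file with the lines of exec.whitelist and reports the file's line endings. It assumes exact whole-line matching on the unexpanded command, as the posts above report; the sample inputs and the Thing exec:command:ps4 are constructed.

```python
import re

# Constructed sample inputs mirroring the snippets quoted in the thread.
THINGS = '''
Thing exec:command:uptime [command="/etc/openhab2/scripts/uptime.sh", interval=60, timeout=2]
Thing exec:command:ps4 [command="/usr/local/bin/ps4-waker %2$s", interval=0]
'''
WHITELIST = b"/etc/openhab2/scripts/uptime.sh\r\n/usr/local/bin/ps4-waker check\r\n"

THING_RE = re.compile(
    r'^\s*Thing\s+(exec:command:\S+)[^\[\n]*\[.*?\bcommand="((?:[^"\\]|\\.)*)"', re.M)

def line_endings(raw: bytes) -> str:
    """Classify the whitelist's line terminators without judging which is right."""
    crlf = raw.count(b"\r\n")
    lf = raw.count(b"\n") - crlf
    if crlf and lf:
        return "mixed"
    if crlf:
        return "CRLF"
    return "LF" if lf else "none"

def thing_commands(things_text: str) -> dict:
    """Map exec Thing UID -> command exactly as configured (before %2$s expansion)."""
    return {uid: cmd for uid, cmd in THING_RE.findall(things_text)}

def audit(things_text: str, raw_whitelist: bytes) -> dict:
    text = raw_whitelist.decode("utf-8").replace("\r\n", "\n")
    entries = [line for line in text.split("\n") if line.strip()]
    commands = thing_commands(things_text)
    configured = set(commands.values())
    return {
        "line_endings": line_endings(raw_whitelist),
        # Configured commands with no identical whitelist line: expect the WARN.
        "missing": [(uid, cmd) for uid, cmd in commands.items() if cmd not in entries],
        # Whitelist lines backing no Thing: expanded forms, comments, stale
        # entries. Each one is an allowance nothing needs.
        "unused": [e for e in entries if e not in configured],
    }

if __name__ == "__main__":
    for key, value in audit(THINGS, WHITELIST).items():
        print(key, value)
```

Commands configured through PaperUI or used by the exec transformation are not in .things files, so an "unused" entry should be checked against those before it is removed.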