DWC system folder password?
-
Hello to all,
Is there any way to restrict the DWC user from accessing the system menu? We need to shield the configuration files from modification and/or viewing the content of these files. At least with a simple password.
On end-user machines, there are things they should not touch, and some things, not even see.
Have you thought about implementing some kind of access permission, that prevents to see or modify the content of this tab?
Thanks!
-
@Marcossf there isnt. You would have to modify DWC to add that functionality
Owns various duet boards and is the main wiki maintainer for the Teamgloomy LPC/STM32 port of RRF. Assume I'm running whatever the latest beta/stable build is
-
even if system access would be limited, running many commands without parameters returns their current configuration. What settings do you intend to hide from end users?
-
Hi @oliof
I intend to hide or make inaccessible to the user the entire contents of the system folder.
It would be simple if DWC could work with two permission levels, user and administrator. The user can NOT see or change any of the system code.
Another option would be to be able to encrypt the content, but I think that would be more complex.
We are studying the possibility of making a custom DWC frontend from scratch with all our needs, but it is a huge task. Think that we have to apply this to a commercial machine, where the user doesn't even have to know what's behind it.
-
@Marcossf you would also need to disable GCodes such as M115 and M122, remove the Console, modify GCodes that return current values when issued without parameters, make the sdcard in the controller board (or SBC) inaccessible, disallow use.of the object model, remove M291,and probably a handful of other massive changes to how RRF worked to hide things from users. Klipper and Marlin would have the same challenges btw.
If you only wanted to keep users from making changes to the config, that would be hard enough because you would find ways to allow adjustment of certain values (PID tunes, LA/IS per material, Z probe offsets) anyways.
-
@Marcossf In standalone mode you can set the files on the SD card to read-only using File -> Properties. RRF does not have a facility to toggle that (yet). Read-only files cannot be modified either.
In SBC mode you could achieve a similar thing by removing the +w flags using chmod from files in /opt/dsf/sd/sys.
If end-users are not supposed to see those files, you need to customize DWC and remove the Files -> System page. That's relatively easily done by removing the corresponding menu registration from src/routes/index.js/.ts AFAIR.
-
@chrishamm Thanks Chris and @oliof We use in SBC mode, and making the files read-only has given us problems (I can't remember now exactly what the error was).
I think we are going to have to opt for a customised DWC, something we didn't count on in our gant tree.
However, we do need to allow access to the console to see events and errors in order to provide user support, so cannot be fully armoured. Also calls to object model to get some variable values; it's not going to be a straightforward thing.
If users are not able to see or copy the software we have programmed, that should be enough.
In any case, any IT guy with the desire to obtain this data at any cost would not have too much difficulty.Thanks for your advice
