Duet3D Logo Duet3D
    • Tags
    • Documentation
    • Order
    • Register
    • Login

    DWC system folder password?

    Scheduled Pinned Locked Moved
    Duet Web Control
    4
    7
    359
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Marcossfundefined
      Marcossf
      last edited by

      Hello to all,

      Is there any way to restrict the DWC user from accessing the system menu? We need to shield the configuration files from modification and/or viewing the content of these files. At least with a simple password.

      On end-user machines, there are things they should not touch, and some things, not even see.

      Have you thought about implementing some kind of access permission, that prevents to see or modify the content of this tab?

      Thanks!

      jay_s_ukundefined 1 Reply Last reply Reply Quote 0
      • jay_s_ukundefined
        jay_s_uk @Marcossf
        last edited by

        @Marcossf there isnt. You would have to modify DWC to add that functionality

        Owns various duet boards and is the main wiki maintainer for the Teamgloomy LPC/STM32 port of RRF. Assume I'm running whatever the latest beta/stable build is

        oliofundefined chrishammundefined 2 Replies Last reply Reply Quote 1
        • oliofundefined
          oliof @jay_s_uk
          last edited by

          even if system access would be limited, running many commands without parameters returns their current configuration. What settings do you intend to hide from end users?

          <>RatRig V-Minion Fly Super5Pro RRF<> V-Core 3.1 IDEX k*****r <> RatRig V-Minion SKR 2 Marlin<>

          Marcossfundefined 1 Reply Last reply Reply Quote 1
          • Marcossfundefined
            Marcossf @oliof
            last edited by

            Hi @oliof

            I intend to hide or make inaccessible to the user the entire contents of the system folder.

            It would be simple if DWC could work with two permission levels, user and administrator. The user can NOT see or change any of the system code.

            Another option would be to be able to encrypt the content, but I think that would be more complex.

            We are studying the possibility of making a custom DWC frontend from scratch with all our needs, but it is a huge task. Think that we have to apply this to a commercial machine, where the user doesn't even have to know what's behind it.

            oliofundefined 1 Reply Last reply Reply Quote 1
            • oliofundefined
              oliof @Marcossf
              last edited by

              @Marcossf you would also need to disable GCodes such as M115 and M122, remove the Console, modify GCodes that return current values when issued without parameters, make the sdcard in the controller board (or SBC) inaccessible, disallow use.of the object model, remove M291,and probably a handful of other massive changes to how RRF worked to hide things from users. Klipper and Marlin would have the same challenges btw.

              If you only wanted to keep users from making changes to the config, that would be hard enough because you would find ways to allow adjustment of certain values (PID tunes, LA/IS per material, Z probe offsets) anyways.

              <>RatRig V-Minion Fly Super5Pro RRF<> V-Core 3.1 IDEX k*****r <> RatRig V-Minion SKR 2 Marlin<>

              1 Reply Last reply Reply Quote 1
              • chrishammundefined
                chrishamm administrators @jay_s_uk
                last edited by

                @Marcossf In standalone mode you can set the files on the SD card to read-only using File -> Properties. RRF does not have a facility to toggle that (yet). Read-only files cannot be modified either.

                In SBC mode you could achieve a similar thing by removing the +w flags using chmod from files in /opt/dsf/sd/sys.

                If end-users are not supposed to see those files, you need to customize DWC and remove the Files -> System page. That's relatively easily done by removing the corresponding menu registration from src/routes/index.js/.ts AFAIR.

                Duet software engineer

                Marcossfundefined 1 Reply Last reply Reply Quote 0
                • Marcossfundefined
                  Marcossf @chrishamm
                  last edited by

                  @chrishamm Thanks Chris and @oliof We use in SBC mode, and making the files read-only has given us problems (I can't remember now exactly what the error was).

                  I think we are going to have to opt for a customised DWC, something we didn't count on in our gant tree.

                  However, we do need to allow access to the console to see events and errors in order to provide user support, so cannot be fully armoured. Also calls to object model to get some variable values; it's not going to be a straightforward thing.

                  If users are not able to see or copy the software we have programmed, that should be enough.
                  In any case, any IT guy with the desire to obtain this data at any cost would not have too much difficulty.

                  Thanks for your advice 😉

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Unless otherwise noted, all forum content is licensed under CC-BY-SA