full access for OpenELEC settings even for non-privileged users

[ghost]

System: RaspberryPi, Kodi with OpenELEC version 5.0.4, Confluence theme.

A limited user account (LOCKED: programs & script windows, file manager, settings "all", add-on manager | UNlocked music windows, videos window, pictures window) has full access to Settings / OpenELEC / Services:

• whole Samba Config including password in plaintext
• whole SSH Config (as far as I know "root" and "openelec" with no possibility to change)

Would it be possible to allow OpenELEC menu only for master-users?

[stefansaraev]

nope.

[ghost]

@stefansaraev:

Thanks for your answer. So it is a problem of Kodi user configuration system to provide access to OpenELEC settings even for user who are not master-user?

[stefansaraev]

no. I say it's not going to be implemented in openelec (EDIT: by me or OE team), but as you have an rpi already, and it's nice educational device, you can start coding right now ;)

[ghost]

Well, if my post sounded like a demand I'm sorry - that was not my intention. Just wanted to say that there is maybe a security problem. Someone at Kodi-forum advised me to post it here. I think bugtracing is a contribution as well (which doesn't mean that we speak about a bug here). If you say just "no" I'm fine and you can mark this "issue" solved. Who needs an explanation... ;)

[lsellens]

I know this is old but it was referenced in a suggested update on slack. I took a quick look to see how easily this could be accomplished. Honestly I think if you want to restrict any profile you should lock the programs and scripts section. http://kodi.wiki/view/Profiles#The_profile_lock_preferences as far as security problems are concerned openelec runs all of its addons as root which makes it not a very "secure" platform to begin with. Perhaps locking this section would hide some holes in a lower privileged profile for you. This would of course block launching any program addons. What you're suggesting isn’t impossible. I suppose we could check if "lock settings" is true on said profile and block access to the addon that way. I'll make the change and pull request if the team would like me to. feedback?

[ghost]

Thanks alot Isellens for the profile lock manual and pushing this topic. The point I didn't understand the time I opened this thread was: Why there are user profiles with a right management (so not only for different personal settings) if you can not set up something like a guest account with very limited access (just youtube access for example) - but I didn't try again to set up limited accounts the last months. I only use my Kodi-RPi from time to time. Important: I didn't want to complain about something. OpenELEC with Kodi provide the best entertainment system for free so there is nothing to complain about.

[michel3182]