Re: Password Protection for Shell #uart #api

Chruściński, Krzysztof

Hi Dave,


I think you could try to look into selecting root command feature. Create dummy command with only “login” subcommand. Set this dummy command during system startup (shell_set_root_command(“dummy_cmd”) as root command. Then to enable all commands reset root command on login ( shell_set_root_cmd(NULL)). It can give a notion of shell protection. There is one thing though: select command and a key shortcut which is equivalent of shell_set_root_cmd(NULL) that must be disabled (CONFIG_SHELL_CMDS_SELECT=n).





From: users@... <users@...> On Behalf Of dave via
Sent: Tuesday, September 15, 2020 10:17 PM
To: users@...
Subject: [Zephyr-users] Password Protection for Shell #uart #api


I'm quite new to Zephyr, so I may have missed this, but I can't seem to find an easy way to add a simple password protection wall for the shell commands. I don't need or expect a full user model with permissions, just a simple "root" style password that can hide the commands until it is entered. Assuming I connect my device over USB and bring up the shell as a serial console, I can see that I have full access to all the shell commands without any protections. I often design products that use the shell/CLI as an interface to verify the system during manufacturing, as well as deal with systems that may have been bricked in the field, so it's something I'd like to continue using - but I don't want this to be wide open to users.

I could imagine using the API to create a command, like say "login", with a password argument field - but maybe there is a more elegant way?

Thanks in advance for the help!

Dave MacLeod

Join to automatically receive all group messages.