Skip to content

auth: sample skit.toml user role is broader than built-in Permissions::user() (core::* incl. file_writer) #635

Description

Spotted while reviewing #634.

The built-in Permissions::user() (apps/skit/src/permissions.rs) restricts core nodes to a specific safe set that excludes core::file_writer (flagged as an arbitrary-write risk) and allows allowed_plugins = ["plugin::*"].

The sample [permissions.roles.user] in samples/skit.toml instead grants core::* (which includes core::file_writer) and allowed_plugins = [].

This divergence is pre-existing (the sample already used core::* before #634). It means an operator who copies the sample config gets a broader core-node surface than the secure built-in default, while simultaneously being more restrictive on plugins.

Proposal

Decide the intended posture for the sample and align it:

  • Either tighten the sample user role's allowed_nodes to match the built-in safe core set (drop blanket core::*, deny core::file_writer), and reconcile allowed_plugins, or
  • Document explicitly that the sample is intentionally illustrative/looser than the built-in default.

Refs: apps/skit/src/permissions.rs (Permissions::user()), samples/skit.toml ([permissions.roles.user]), #634.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions