
Command need to be run with admin priviledge

Open potenzatk opened this issue 3 years ago • 8 comments

Before creating a ticket, please consider if this should fit the discussion forum better: https://github.com/processone/ejabberd/discussions

Environment

  • ejabberd version: 16.09
  • Erlang version: erl +V
  • OS: Amazon Linux release 2 (Karoo)
  • Installed from: source https://www.process-one.net/downloads/downloads-action.php?file=/16.09/ejabberd-16.09-linux-x86_64-installer.run

Configuration (only if needed): grep -Ev '^$|^\s*#' ejabberd.yml

loglevel: 4
...

Errors from error.log/crash.log

No errors

Bug description

When I try to run the API below: http://ec2-3-135-193-140.us-east-2.compute.amazonaws.com:5280/api/register

I got the "Command need to be run with admin priviledge" error. Please check the links below: http://prntscr.com/xXbRVU_nBdYK http://prntscr.com/bsDYMalBWH1N

My \opt\ejabberd-16.09\conf\ejabberd.yml file details

port: 5280
    module: ejabberd_http
    request_handlers:
      "/websocket": ejabberd_http_ws
      "/api": mod_http_api
    ##  "/pub/archive": mod_http_fileserver
    web_admin: true
    http_bind: true
    ## register: true
    captcha: false

    modules:
      mod_http_api:
        admin_ip_access: admin_ip_access_rule

    access:
      admin_ip_access_rule:
        admin_ip_acl:
          - change password
          - add_rosteritem
          - register
          - delete_rosteritem
          - send_message

    acl:
      admin_ip_acl:
        ip:
         - "3.135.193.140/8"

Please help me fix this issue.

potenzatk avatar Jun 09 '22 07:06 potenzatk

The latest version is 22.05; can you not use a 6 years (!!) old version?

licaon-kter avatar Jun 09 '22 07:06 licaon-kter

I will update to the latest version, but first please help me with this error.

potenzatk avatar Jun 09 '22 07:06 potenzatk

And are you issuing that call from 3.135.193.140?

prefiks avatar Jun 09 '22 08:06 prefiks

Yes, I call the http://ec2-3-135-193-140.us-east-2.compute.amazonaws.com:5280/api/register API from the 3.135.193.140 server, and ejabberd is also installed on this server.

potenzatk avatar Jun 09 '22 08:06 potenzatk

Well, if you do that REST call on the local machine, it's possible that the loopback address is used; try adding 127.0.0.1/8 to that ACL.

prefiks avatar Jun 09 '22 08:06 prefiks

Your configuration works correctly for me using 16.09, and changing the IP address to 127.0.0.1/8.

For testing I use those queries. You could try a local client like curl on the ejabberd machine:

curl -X GET \
    http://localhost:5280/api/register?user=user1\&host=localhost\&password=asd1

curl -X POST \
    http://localhost:5280/api/register \
    -d '{"user": "user2", "host": "localhost", "password": "asd2"}'

Then I install ejabberd 22.05, and make those changes to the default configuration (just adding a request_handler and api_permissions):

diff --git a/ejabberd.yml.example b/ejabberd.yml.example
index 8eb038dd0..a0ac25945 100644
--- a/ejabberd.yml.example
+++ b/ejabberd.yml.example
@@ -65,6 +65,7 @@ listen:
     module: ejabberd_http
     request_handlers:
       /admin: ejabberd_web_admin
+      /api: mod_http_api
       /.well-known/acme-challenge: ejabberd_acme
   -
     port: 3478
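Review bot: the new `/api: mod_http_api` line sits in the same `request_handlers` map as `/admin`, so the API is exposed on whatever address and port that `ejabberd_http` listener binds, and the `api_permissions` entry becomes the only gate. The listener's `port`, `ip` and `tls` settings are outside this hunk; confirm they restrict the listener to loopback or TLS, or give `/api` its own listener bound to 127.0.0.1.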
@@ -110,6 +111,15 @@ access_rules:
     allow: loopback
 
 api_permissions:
+  "poten api example":
+    who:
+      ip: 127.0.0.1/8
+    what:
+      - change_password
+      - add_rosteritem
+      - register
+      - delete_rosteritem
+      - send_message
   "console commands":
     from:
       - ejabberd_ctl
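Review bot: in the new "poten api example" entry, `who` authorises by source address alone (`ip: 127.0.0.1/8`), so any local process that can reach the listener may call `register` and `change_password`. If this is meant for testing only, say so in the entry name; otherwise trim `what` to the commands actually needed. Also, `127.0.0.1/8` has host bits set: `127.0.0.0/8` is the canonical form, or reference the `loopback` ACL that the `allow: loopback` context line above already uses.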

The curl queries work again correctly.

badlop avatar Jun 09 '22 09:06 badlop

When I run it using the CLI, the same error occurs.

potenzatk avatar Jun 09 '22 13:06 potenzatk

As I said, it works for me using 16.09, your configuration (changing IP address), and my curl query running on the same machine. I imagine there are several reasons this can fail in your server... so I tried to reproduce that error message:

If I configure

acl:
  admin_ip_acl:
    ip:
      - "111.0.0.1/8"

Then I run the curl command

curl -X GET \
    http://localhost:5280/api/register?user=user1\&host=localhost\&password=asd1

And the result is:

{"status":"error","code":31,"message":"Command need to be run with admin priviledge."}

Why does it fail? Because I told ejabberd to only accept API queries from 111.0.0.1/8, and I send the query from 127.0.0.1.

Can you try setting

acl:
  admin_ip_acl:
    ip:
      - "127.0.0.1/8"

and run the same curl query that I do on the same machine that runs ejabberd?

badlop avatar Jun 12 '22 11:06 badlop
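
Added example, not part of the original thread and not ejabberd's code: the prefix arithmetic behind the three ACL entries quoted in this issue, showing which source addresses each one admits. It models generic CIDR matching with Python's `ipaddress` module (an assumption, not ejabberd's own matcher); the dictionary labels and the peer addresses not quoted in the thread are constructed.

```python
import ipaddress

# ACL entries exactly as quoted in the thread (labels are this example's own).
ACL_ENTRIES = {
    "reporter": ["3.135.193.140/8"],
    "suggested": ["127.0.0.1/8"],
    "repro": ["111.0.0.1/8"],
}


def effective_network(entry):
    """Network an 'address/prefix' entry really covers.

    strict=False masks off host bits: 3.135.193.140/8 covers 3.0.0.0/8.
    """
    return ipaddress.ip_network(entry, strict=False)


def source_allowed(source, entries):
    """True if the connection's source address falls inside any entry."""
    addr = ipaddress.ip_address(source)
    # Compare an IPv4-mapped IPv6 peer (::ffff:a.b.c.d) as plain IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for entry in entries:
        net = effective_network(entry)
        if addr.version == net.version and addr in net:
            return True
    return False


def audit(sources, acls=ACL_ENTRIES):
    """Map each ACL label to the sources it would admit."""
    return {name: [s for s in sources if source_allowed(s, entries)]
            for name, entries in acls.items()}


if __name__ == "__main__":
    # Constructed peers: IPv4 loopback, the host address from the thread,
    # an unrelated address inside 3.0.0.0/8, and IPv6 loopback.
    peers = ["127.0.0.1", "3.135.193.140", "3.1.2.3", "::1"]
    result = audit(peers)
    for name, entries in ACL_ENTRIES.items():
        nets = [str(effective_network(e)) for e in entries]
        print(f"{name}: {nets} admits {result[name]}")
```

The reporter's `/8` entry rejects a loopback caller yet admits every address in 3.0.0.0/8, so a `/32` (or the loopback range) is the tighter choice for a single trusted host.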