mirror of
https://github.com/home-assistant/developers.home-assistant.git
synced 2025-07-10 10:56:28 +00:00
Make hassio_addon_security.md more readable (#244)
Here are several changes to this file to make it more readable in English.
This commit is contained in:
parent
895df4b410
commit
dc16cefd94
@ -6,21 +6,21 @@ Hass.io rates every add-on based on the wanted rights. An add-on with a rating o
|
||||
|
||||
## API Role
|
||||
|
||||
For access to Hass.io API you need define a role or you run in default mode. This is only required for Hass.io API not Home Assistant proxy. Any of the role have also the default API calls inheret for that are no settings are required.
|
||||
For access to Hass.io API you need define a role or you run in default mode. This is only required for Hass.io API not Home Assistant proxy. Any of the roles already have access to the default API calls, and do not require any additional settings.
|
||||
|
||||
### Available Roles
|
||||
|
||||
| Role | Description |
|
||||
|------|-------------|
|
||||
| default | Have access to all `info` calls |
|
||||
| homeassistant | Can access to all Home Assistant API endpoints |
|
||||
| backup | Can access to all snapshot API endpoints |
|
||||
| manager | Is for Add-ons they run CLIs and need extended rights |
|
||||
| homeassistant | Can access all Home Assistant API endpoints |
|
||||
| backup | Can access all snapshot API endpoints |
|
||||
| manager | Is for Add-ons that run CLIs and need extended rights |
|
||||
| admin | Have access to every API call. That is the only one they can disable/enable the Add-on protection mode |
|
||||
|
||||
## Protection
|
||||
|
||||
Default, all add-ons run in protection enabled mode. This mode prevents the add-on from getting any rights on the system. If an add-on requires more rights, you can disable this protection via the API add-on options for that add-on. But be carful, an add-on with disabled protection can destroy your system!
|
||||
Default, all add-ons run in protection enabled mode. This mode prevents the add-on from getting any rights on the system. If an add-on requires more rights, you can disable this protection via the API add-on options for that add-on. But be careful, an add-on with disabled protection can destroy your system!
|
||||
|
||||
## Making a secure add-on
|
||||
|
||||
@ -29,13 +29,13 @@ As a developer, follow the following best practices to make your add-on secure:
|
||||
- Don't run on host network
|
||||
- Create an AppArmor profile
|
||||
- Map folders read only if you don't need write access
|
||||
- If you need any API access, make sure you that you not grant to highest permission if you don't need it
|
||||
- If you need any API access, make sure that you do not grant permission that aren't needed
|
||||
|
||||
## Use Home Assistant User backend
|
||||
|
||||
Instead to allow users to set new login credential in plain text config, use the Home Assistant [Auth backend][hassio-api-auth]. You can enable the access to API with `auth_api: true`. Now you are able to send the login credential to auth backend and validate it again Home Assistant.
|
||||
Instead of allowing users to set new login credential in plain text config, use the Home Assistant [Auth backend][hassio-api-auth]. You can enable the access to API with `auth_api: true`. Now you are able to send the login credential to auth backend and validate it again Home Assistant.
|
||||
|
||||
We have some sample and helper around that system collected in a [GitHub repository][hassio-auth]. Feel free to copy past it or provide your usefully scripts.
|
||||
We have some sample and helpers around that system collected in a [GitHub repository][hassio-auth]. Feel free to copy and paste it or provide your own scripts.
|
||||
|
||||
[hassio-auth]: https://github.com/home-assistant/hassio-auth
|
||||
[hassio-api-auth]: https://github.com/home-assistant/hassio/blob/dev/API.md#auth--sso-api
|
||||
|
Loading…
x
Reference in New Issue
Block a user