luci/modules/luci-mod-status/root/usr/share/rpcd/acl.d/luci-mod-status.json

{
	"luci-mod-status-realtime": {
		"description": "Grant access to realtime statistics",
		"read": {
			"ubus": {
				"luci": [ "getConntrackList", "getRealtimeStats" ],
				"network.rrdns": [ "lookup" ]
			}
		}
	},

	"luci-mod-status-processes": {
		"description": "Grant access to process status",
		"read": {
			"ubus": {
				"luci": [ "getProcessList" ]
			}
		},
		"write": {
			"file": {
				"/bin/kill": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ]
			}
		}
	},

	"luci-mod-status-logs": {
		"description": "Grant access to system logs",
		"read": {
			"cgi-io": [ "exec" ],
			"file": {
				"/bin/dmesg -r": [ "exec" ],
				"/sbin/logread": [ "stat" ],
				"/sbin/logread -e ^": [ "exec" ],
				"/usr/sbin/logread": [ "stat" ],
				"/usr/sbin/logread -e ^": [ "exec" ]
			},
			"ubus": {
				"file": [ "stat" ]
			}
		}
	},

	"luci-mod-status-routes": {
		"description": "Grant access to routing status",
		"read": {
			"file": {
				"/sbin/ip -[46] neigh show": [ "exec" ],
				"/sbin/ip -[46] route show table all": [ "exec" ],
				"/sbin/ip -[46] rule show": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ]
			}
		}
	},

	"luci-mod-status-channel_analysis": {
		"description": "Grant access to wireless channel status",
		"read": {
			"ubus": {
				"iwinfo": [ "info", "freqlist" ]
			}
		}
	},

	"luci-mod-status-firewall": {
		"description": "Grant access to firewall status",
		"read": {
			"cgi-io": [ "exec" ],
			"file": {
				"/usr/sbin/nft --json list ruleset": [ "exec" ],
				"/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
				"/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ],
				"/usr/sbin/ip6tables": [ "list" ],
				"/usr/sbin/iptables-save": [ "exec" ],
				"/usr/sbin/ip6tables-save": [ "exec" ]
			},
			"ubus": {
				"file": [ "stat" ]
			}
		},
		"write": {
			"cgi-io": [ "exec" ],
			"file": {
				"/etc/init.d/firewall restart": [ "exec" ],
				"/usr/sbin/iptables -Z": [ "exec" ],
				"/usr/sbin/ip6tables -Z": [ "exec" ]
			},
			"ubus": {
				"file": [ "exec" ]
			}
		}
	}
}