Node-RED user api to restart the application (Node-RED)

Added, hopefully others will add their thoughts too. :grinning:

I did, yes. But as with anything related to security, it is easy to take a specific suggestion and generalise it without thinking through the consequences.

Things are protected by sudo for really good reasons, it isn't done lightly. So undoing that - especially if allowing access to editors who possibly don't understand operating system security - is going to have consequences.

In this case, the most obvious would be accidental or deliberate denial-of-service.

There are some things that, while you CAN do them in Node-RED (because it is a great compute environment), doesn't mean that you SHOULD.

There are other, non-Node-RED methods for restarting services which is something that should indeed be restricted to an admin separate to a Node-RED admin. Similarly, you don't HAVE to install/update/remove node modules from Node-RED itself. It is a nice feature but probably terrible in a production environment. In such cases set up a separate admin script that an OS admin has to run. Maybe use Node-RED to create a request form so that your users can still request changes to node modules but an OS admin has to actually run them after due dilligence.

What is this world of OS administrators, request forms and due diligence? :grinning:

1 Like

Sorry, I've let me professional life bleed into the world of Node-RED! :grinning:

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.