Why do you reject cli access from the gateway address?

[kettenbach-it]

Here:

https://github.com/Logitech/slimserver/blob/feb5e256ad91cf07e58a0cee1a49392b21c7bdd6/Slim/Plugin/CLI/Plugin.pm#L248

In my case, I run a interface on my network gateway that needs to talk to the squeezeserver and there is no way to allow that.
Why? I doesn't make sense to me.

[michaelherger]

It's security reasons, obviously. You don't want the script kiddy on the internet to play music in your home at full volume around 2am.

Now you seem to have a slightly more complicated setup in which case this might be a problem. But as you can see from the condition you pointed at you can change the behaviour. Feel free to disable this security measure. But you've been warned 😉.

[kettenbach-it]

What option in the menu does this refer to:

$prefsServer->get('protectSettings'

I don't want to enable authorization and all other conditions are out of my hands

[michaelherger]

As this is a potentially dangerous pref it's not exposed in the UI. It's really for those who know what they're doing. You'd have to shut down LMS and edit it in server.prefs directly.

[kettenbach-it]

In the end, it's a matter of opinion: I think that if you open a port on your router and release the CLI unprotected to the Internet, then you have to expect to be woken up by a script kiddie at night.
What bothers me is that assumptions are made here that create significant inconvenience for power users like me.
The bottom line for me is that there is no configuration option that solves my problem: CLI access without a password from the gateway (the gateway is also just a host on the local network).
Since I run LMS in a Docker container, manual editing would also only survive until the next re-deployment. Therefore, I created a patch that patches out the complete relevant section in the container's build process - a lot of effort, but not feasible otherwise.
I advocate for less "opionated" software. Developers are not responsible for the stupidity of users.

[michaelherger]

Just change the pref. It's a configuration file. Configuration files should live outside the container and survive updates.

Trust me when I say this code change has saved hundreds of nights, while cause a hand full of users problems. Or rather challenges, as the behaviour can be configured.