Lock cfg file using password

Hi, is there any feature to lock the cfg file using password?

It would be helpful if you described your software setup.

Assuming that you are using moonraker and a fronted that allows editing the config, then there is no supported solution officially.
One possibility is to configure moonraker to use an empty directory as config path:

# ~/moonraker.conf:
config_path: /home/pi/empty

And then edit your configs only through ssh, protected by an admin password (eg. with vscode’s " Remote - SSH" extension).

My software setup is using Mainsail OS, i found that the config session can easily to open the config file and editing for allow user. So I searching someway to lock the config so that not anyone can open without knowing the password.

Or maybe not using password is alright too. Just keep the config file not easy to open but still visible easy to find the config file.

Otherwise both Fluidd and Mainsail use nginx as web server. If needed an authentication could be setup there as well. Ref to

Moved post to Webif category

Did you mean both Fluidd and Mainsail are now using nginx as web server?

From the link you share, it was tock the IP address.

So I still can upload gcode file for printing, right?
Still can using the UI to control the 3d printer, right?

No restricting access through moonraker’s [authorization] config will block both the editing and the access to printing and UI.

With nginx configured as a reverse proxy, restricting access to POST /server/files/upload could block file editing. It will also block gcode upload, but if all the slicers use the octoprint API (POST /api/files/local) they will still be able to upload gcodes.

As I said, the simplest solution for your situation is probably to configure config_path to a dummy folder and edit the configs via SSH.

Another option would be to modify the file permission of the cfg. E.g. owned by root but read all. This would allow the webinterface to read and display config values, e.g. for macros but any attempt to modify the file will fail.
Modification will then only be possible via shell access as detailed by @Piezo

Fronted should fetch the macros from the configfile printer object. At least fluidd does.

And yes blocking write permission at the file permission level is a good solution if you want your users to be able to consult the config.

1 Like

edit the configs via SSH, must using the login and password?
So it is using the same login password of the raspberry pi?

Do you have tutorial for how to do this?

Basically pretty easy

  1. Change ownership of the file
    • sudo chown root printer.cfg
  2. In doubt, but should not be needed, make sure that the file has the proper permissions:
    • sudo chmod 644 printer.cfg

Should then look something like:

-rw-r--r--  1 root     pi  25K Aug 26 11:28 printer.cfg

Now only root is allowed to modify the file.

What about in the hardware control, unplug the SD card and still can find the cfg file?