author | eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-01 18:52:14 +0000 |
---|---|---|
committer | eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-01 18:52:14 +0000 |
commit | c3bceb968b01e897185cf8910893939e72c445d0 (patch) | |
tree | 35cdf9c8ac4353b858aa5ad558e8b9b6830cad7c /configs/cli_permissions.conf.sample | |
parent | 14324a5259f64e532e44f0acf1684555b88369bb (diff) |
Introduce CLI permissions.
Based on cli_permissions.conf configuration file, we are able to permit or deny
cli commands based on some patterns and the local user and group running rasterisk.
(Sorry if I missed some of the testers).
Reviewboard: http://reviewboard.digium.com/r/11/
(closes issue #11123)
Reported by: eliel
Tested by: eliel, IgorG, Laureano, otherwiseguy, mvanbaak
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@160062 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'configs/cli_permissions.conf.sample')
-rw-r--r-- | configs/cli_permissions.conf.sample | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/configs/cli_permissions.conf.sample b/configs/cli_permissions.conf.sample new file mode 100644 index 000000000..4a6973f50 --- /dev/null +++ b/configs/cli_permissions.conf.sample 
@@ -0,0 +1,82 @@ +; +; CLI permissions configuration example for Asterisk +; +; All the users that you want to connect with asterisk using +; rasterisk, should have write/read access to the +; asterisk socket (asterisk.ctl). You could change the permissions +; of this file in 'asterisk.conf' config parameter: 'astctlpermissions' (0666) +; found on the [files] section. +; +; general options: +; +; default_perm = permit | deny +; This is the default permissions to apply for a user that +; does not has a permissions definided. +; +; user options: +; permit = <command name> | all ; allow the user to run 'command' | +; ; allow the user to run 'all' the commands +; deny = <command name> | all ; disallow the user to run 'command' | +; ; disallow the user to run 'all' commands. +; + +[general] + +default_perm=permit ; To leave asterisk working as normal + ; we should set this parameter to 'permit' +; +; Follows the per-users permissions configs. +; +; This list is read in the sequence that is being written, so +; In this example the user 'eliel' is allow to run only the following +; commands: +; sip show peer +; core set debug +; core set verbose +; If the user is not specified, the default_perm option will be apply to +; every command. +; +; Notice that you can also use regular expressions to allow or deny access to a +; certain command like: 'core show application D*'. In this example the user will be +; allowed to view the documentation for all the applications starting with 'D'. +; Another regular expression could be: 'channel originate SIP/[0-9]* extension *' +; allowing the user to use 'channel originate' on a sip channel and with the 'extension' +; parameter and avoiding the use of the 'application' parameter. +; +; We can also use the templates syntax: +; [supportTemplate](!) 
+; deny=all +; permit=sip show ; all commands starting with 'sip show' will be allowed +; permit=core show +; +; You can specify permissions for a local group instead of a user, +; just put a '@' and we will know that is a group. +; IMPORTANT NOTE: Users permissions overwrite group permissions. +; +;[@adm] +;deny=all +;permit=sip +;permit=core +; +; +;[eliel] +;deny=all +;permit=sip show peer +;deny=sip show peers +;permit=core set +; +; +;User 'tommy' inherits from template 'supportTemplate': +; deny=all +; permit=sip show +; permit=core show +;[tommy](supportTemplate) +;permit=core set debug +;permit=dialplan show +; +; +;[mark] +;deny=all +;permit=all +; +; |
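Review bot: The per-user comments say the list "is read in the sequence that is being written" but never state which rule wins when several match, and the [eliel] example depends on exactly that: `permit=sip show peer` is followed by `deny=sip show peers`, where the first is a prefix of the second, so a reader cannot tell whether 'sip show peers' ends up allowed or denied, or whether the leading `deny=all` is overridden by the later permits. Please document the evaluation rule (first match or last match, prefix or whole-command match) next to that sentence. In the same block, the text lists only 'sip show peer', 'core set debug' and 'core set verbose' as allowed for 'eliel', while the example has `permit=core set`, which by the template comment ("all commands starting with 'sip show' will be allowed") would admit every 'core set' command; narrow the example or correct the list. The patterns called regular expressions ('core show application D*') read as globs, since as a regex D* matches zero or more 'D'; say which syntax is used and whether patterns are anchored at both ends. The header mentions 0666 for 'astctlpermissions' and the sample sets `default_perm=permit`, so with both in place any local user without a section gets every command; a sentence beside default_perm saying so would help anyone copying the sample. Also, "does not has a permissions definided" should read "does not have permissions defined".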