asterisk CLI permissions
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Fri Sep 11 20:44:41 UTC 2009
Hi
One of the new features in Asterisk 1.6.2 is CLI permissions. That is:
Asterisk checks the ID of a process that connects to the asterisk.ctl
socket and may allow it only subset of the commands.
The default /etc/asterisk/cli_permissions.conf has default_perm=permit.
This preserves older behaviour: all users are able to run all commands
and access control is done only through the file permissions on
asterisk.ctl .
IIRC this is also the case if /etc/asterisk/cli_permissions.conf does
not exist (which may happen on an upgrade or merely starting a
configuration from scratch).
At first glance I thought that it would be nice to grant all users of
group 'asterisk' write permission to asterisk.ctl . But then I
remembered that those users are likely to also have write permission to
cli_permissions.conf itself.
Any other thoughts regarding a useful default?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list