| 
									
										
										
										
											2008-12-01 18:52:14 +00:00
										 |  |  | ; | 
					
						
							|  |  |  | ; CLI permissions configuration example for Asterisk | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; All the users that you want to connect with asterisk using | 
					
						
							|  |  |  | ; rasterisk, should have write/read access to the | 
					
						
							|  |  |  | ; asterisk socket (asterisk.ctl). You could change the permissions | 
					
						
							|  |  |  | ; of this file in 'asterisk.conf' config parameter: 'astctlpermissions' (0666) | 
					
						
							|  |  |  | ; found on the [files] section. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; general options: | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; default_perm = permit | deny | 
					
						
							|  |  |  | ;                This is the default permissions to apply for a user that | 
					
						
							|  |  |  | ;                does not has a permissions definided. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; user options: | 
					
						
							|  |  |  | ; permit = <command name> | all		; allow the user to run 'command' | | 
					
						
							|  |  |  | ;					; allow the user to run 'all' the commands | 
					
						
							|  |  |  | ; deny = <command name> | all		; disallow the user to run 'command' | | 
					
						
							|  |  |  | ;					; disallow the user to run 'all' commands. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | [general] | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | default_perm=permit	; To leave asterisk working as normal | 
					
						
							| 
									
										
										
										
											2009-05-28 14:39:21 +00:00
										 |  |  | 			; we should set this parameter to 'permit' | 
					
						
							| 
									
										
										
										
											2008-12-01 18:52:14 +00:00
										 |  |  | ; | 
					
						
							|  |  |  | ; Follows the per-users permissions configs. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; This list is read in the sequence that is being written, so | 
					
						
							|  |  |  | ; In this example the user 'eliel' is allow to run only the following | 
					
						
							|  |  |  | ; commands: | 
					
						
							|  |  |  | ;          sip show peer | 
					
						
							|  |  |  | ;          core set debug | 
					
						
							|  |  |  | ;          core set verbose | 
					
						
							|  |  |  | ; If the user is not specified, the default_perm option will be apply to | 
					
						
							|  |  |  | ; every command. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; Notice that you can also use regular expressions to allow or deny access to a | 
					
						
							|  |  |  | ; certain command like: 'core show application D*'. In this example the user will be | 
					
						
							|  |  |  | ; allowed to view the documentation for all the applications starting with 'D'. | 
					
						
							|  |  |  | ; Another regular expression could be: 'channel originate SIP/[0-9]* extension *' | 
					
						
							|  |  |  | ; allowing the user to use 'channel originate' on a sip channel and with the 'extension' | 
					
						
							|  |  |  | ; parameter and avoiding the use of the 'application' parameter. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; We can also use the templates syntax: | 
					
						
							|  |  |  | ; [supportTemplate](!) | 
					
						
							|  |  |  | ; deny=all | 
					
						
							|  |  |  | ; permit=sip show       ; all commands starting with 'sip show' will be allowed | 
					
						
							|  |  |  | ; permit=core show | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; You can specify permissions for a local group instead of a user, | 
					
						
							|  |  |  | ; just put a '@' and we will know that is a group. | 
					
						
							|  |  |  | ; IMPORTANT NOTE: Users permissions overwrite group permissions. | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ;[@adm] | 
					
						
							|  |  |  | ;deny=all | 
					
						
							|  |  |  | ;permit=sip | 
					
						
							|  |  |  | ;permit=core | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ;[eliel] | 
					
						
							|  |  |  | ;deny=all | 
					
						
							|  |  |  | ;permit=sip show peer | 
					
						
							|  |  |  | ;deny=sip show peers | 
					
						
							|  |  |  | ;permit=core set | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ;User 'tommy' inherits from template 'supportTemplate': | 
					
						
							|  |  |  | ;	deny=all | 
					
						
							|  |  |  | ;	permit=sip show | 
					
						
							|  |  |  | ;	permit=core show | 
					
						
							|  |  |  | ;[tommy](supportTemplate) | 
					
						
							|  |  |  | ;permit=core set debug | 
					
						
							|  |  |  | ;permit=dialplan show | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ;[mark] | 
					
						
							|  |  |  | ;deny=all | 
					
						
							|  |  |  | ;permit=all | 
					
						
							|  |  |  | ; | 
					
						
							|  |  |  | ; |