[asterisk-bugs] [Asterisk 0011123]: [patch] Implement asterisk CLI permissions.

noreply at bugs.digium.com noreply at bugs.digium.com
Tue Oct 30 18:14:07 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11123 
====================================================================== 
Reported By:                eliel
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11123
Category:                   Core-General
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     new
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 87627 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-30-2007 13:50 CDT
Last Modified:              10-30-2007 18:14 CDT
====================================================================== 
Summary:                    [patch] Implement asterisk CLI permissions.
Description: 
Restrict users to run only a subset of commands allow (configured by an
administrator).
You need write access to the asterisk.ctl socket file.
This is useful when you need to allow run commands on the asterisk CLI to
some users for support purposes also is a secure manner to prevent commands
like 'restart now' or 'stop now' being executed by mistake. 
====================================================================== 

---------------------------------------------------------------------- 
 qwell - 10-30-07 18:14  
---------------------------------------------------------------------- 
You might want to check how ! commands work when logging in as a different
user.

If commands are executed as the user that asterisk is running as,
something like `!asterisk -rx "restart now"` would defeat this entire
permissions stuff (note that ! isn't treated the same as a CLI command). 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-30-07 18:14  qwell          Note Added: 0072779                          
======================================================================

More information about the asterisk-bugs mailing list