[asterisk-bugs] [Asterisk 0011123]: [patch] Implement asterisk CLI permissions.

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Jan 17 16:17:34 CST 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11123 
====================================================================== 
Reported By:                eliel
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   11123
Category:                   Core-General
Reproducibility:            always
Severity:                   feature
Priority:                   normal
Status:                     ready for testing
Asterisk Version:            SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 87627 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             10-30-2007 13:50 CDT
Last Modified:              01-17-2008 16:17 CST
====================================================================== 
Summary:                    [patch] Implement asterisk CLI permissions.
Description: 
Restrict users to run only a subset of commands allow (configured by an
administrator).
You need write access to the asterisk.ctl socket file.
This is useful when you need to allow run commands on the asterisk CLI to
some users for support purposes also is a secure manner to prevent commands
like 'restart now' or 'stop now' being executed by mistake. 
====================================================================== 

---------------------------------------------------------------------- 
 eliel - 01-17-08 16:17  
---------------------------------------------------------------------- 
Thanks qwell for the feedback, I will review my code. It is supposed to
work on non-Linux machines, at least a discussion on asterisk-dev about
using this authentication method was about the compatibility and we arrive
to the answer that it should work, but obviusly more testing is needed.
About the group settings being overwritten by the user settings, I think
is the best way (I know that there are many permissions configurations that
could bring confusion to the end user), but we could listen other opinions
and if a change is needed I will doit :-). I would like to know also, how
do you think those permissions should be checked, you think that if a
permit=all or a deny=all has been already setted by the group then a
permit=all or a deny=all should be discarded?

Thanks in advanced 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
01-17-08 16:17  eliel          Note Added: 0080828                          
======================================================================




More information about the asterisk-bugs mailing list