Hello, <br> There is a patch uploaded to the bugtracker: <a href="http://bugs.digium.com/view.php?id=11123">http://bugs.digium.com/view.php?id=11123</a> that was done to implement permissions in the asterisk console (cli), I am trying to get some feedback about the usage, the configuration, and also testers if you think this is a good approach (architecture) to implement permissions.
<br>What I though when I implement this was the "best" way of checking permissions with the less code changes.<br>1) Why I didn't implement permissions check in the autocompletion or in the help command?<br>
This was because in many CLI commands, autocompletion is done inside the CLI command, so it is a big change to start checking permissions on every CLI command and I think will bring many bugs.<br>2) Why I didn't change the help command to let you see only allowed command?
<br> This was because CLI commands don't know about permissions and I didn't want to send the UID of the currently user that is running the command to the command handler (in this case the 'help' command handler).
<br>3) The configuration is simple enough and let you manage permissions in the same way as codecs are allow and disallow.<br>With this patch you solved the problem of sudoers. Because asterisk like other Unix commands let you jump to the shell (! command), so a sudoer could do somthing like this:
<br>sudo /usr/sbin/asterisk -r<br>then run: ! /bin/bash<br>and get the same permissions of the asterisk running process, so, thats way I start doing this patch. The only needed change is to allow reading and writing permissions to everyone in the
asterisk.ctl socket this is done with the asterisk.conf parameter. <br>All the other things are explained in the permissions.conf.<br><br>Thanks in advanced.<br>And waiting for your recomendations, feedback and improvements.
<br clear="all"><br>-- <br>Eliel Sardaņons