/etc/asterisk/cli_permissions.conf is in asterisk-config 1:11.13.1~dfsg-2+deb8u5.
This file is owned by root:root, with mode 0o640.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 | ;
; CLI permissions configuration example for Asterisk
;
; All the users that you want to connect with asterisk using
; rasterisk, should have write/read access to the
; asterisk socket (asterisk.ctl). You could change the permissions
; of this file in 'asterisk.conf' config parameter: 'astctlpermissions' (0666)
; found on the [files] section.
;
; general options:
;
; default_perm = permit | deny
; This is the default permissions to apply for a user that
; does not has a permissions definided.
;
; user options:
; permit = <command name> | all ; allow the user to run 'command' |
; ; allow the user to run 'all' the commands
; deny = <command name> | all ; disallow the user to run 'command' |
; ; disallow the user to run 'all' commands.
;
[general]
default_perm=permit ; To leave asterisk working as normal
; we should set this parameter to 'permit'
;
; Follows the per-users permissions configs.
;
; This list is read in the sequence that is being written, so
; In this example the user 'eliel' is allow to run only the following
; commands:
; sip show peer
; core set debug
; core set verbose
; If the user is not specified, the default_perm option will be apply to
; every command.
;
; Notice that you can also use regular expressions to allow or deny access to a
; certain command like: 'core show application D*'. In this example the user will be
; allowed to view the documentation for all the applications starting with 'D'.
; Another regular expression could be: 'channel originate SIP/[0-9]* extension *'
; allowing the user to use 'channel originate' on a sip channel and with the 'extension'
; parameter and avoiding the use of the 'application' parameter.
;
; We can also use the templates syntax:
; [supportTemplate](!)
; deny=all
; permit=sip show ; all commands starting with 'sip show' will be allowed
; permit=core show
;
; You can specify permissions for a local group instead of a user,
; just put a '@' and we will know that is a group.
; IMPORTANT NOTE: Users permissions overwrite group permissions.
;
;[@adm]
;deny=all
;permit=sip
;permit=core
;
;
;[eliel]
;deny=all
;permit=sip show peer
;deny=sip show peers
;permit=core set
;
;
;User 'tommy' inherits from template 'supportTemplate':
; deny=all
; permit=sip show
; permit=core show
;[tommy](supportTemplate)
;permit=core set debug
;permit=dialplan show
;
;
;[mark]
;deny=all
;permit=all
;
;
|