From fc0fecb4768d696db3324bcf6dd03325bb4cd513 Mon Sep 17 00:00:00 2001 From: Matthew Jordan Date: Thu, 17 Jul 2014 21:17:28 +0000 Subject: configs: Move sample config files into a subdirectory of configs This moves all samples configs from configs/ to configs/samples. This allows for additional sets of sample configuration files to be added in the future. Review: https://reviewboard.asterisk.org/r/3804/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@418870 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- configs/samples/cli_permissions.conf.sample | 82 +++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 configs/samples/cli_permissions.conf.sample (limited to 'configs/samples/cli_permissions.conf.sample') diff --git a/configs/samples/cli_permissions.conf.sample b/configs/samples/cli_permissions.conf.sample new file mode 100644 index 000000000..4a6973f50 --- /dev/null +++ b/configs/samples/cli_permissions.conf.sample @@ -0,0 +1,82 @@ +; +; CLI permissions configuration example for Asterisk +; +; All the users that you want to connect with asterisk using +; rasterisk, should have write/read access to the +; asterisk socket (asterisk.ctl). You could change the permissions +; of this file in 'asterisk.conf' config parameter: 'astctlpermissions' (0666) +; found on the [files] section. +; +; general options: +; +; default_perm = permit | deny +; This is the default permissions to apply for a user that +; does not has a permissions definided. +; +; user options: +; permit = | all ; allow the user to run 'command' | +; ; allow the user to run 'all' the commands +; deny = | all ; disallow the user to run 'command' | +; ; disallow the user to run 'all' commands. +; + +[general] + +default_perm=permit ; To leave asterisk working as normal + ; we should set this parameter to 'permit' +; +; Follows the per-users permissions configs. +; +; This list is read in the sequence that is being written, so +; In this example the user 'eliel' is allow to run only the following +; commands: +; sip show peer +; core set debug +; core set verbose +; If the user is not specified, the default_perm option will be apply to +; every command. +; +; Notice that you can also use regular expressions to allow or deny access to a +; certain command like: 'core show application D*'. In this example the user will be +; allowed to view the documentation for all the applications starting with 'D'. +; Another regular expression could be: 'channel originate SIP/[0-9]* extension *' +; allowing the user to use 'channel originate' on a sip channel and with the 'extension' +; parameter and avoiding the use of the 'application' parameter. +; +; We can also use the templates syntax: +; [supportTemplate](!) +; deny=all +; permit=sip show ; all commands starting with 'sip show' will be allowed +; permit=core show +; +; You can specify permissions for a local group instead of a user, +; just put a '@' and we will know that is a group. +; IMPORTANT NOTE: Users permissions overwrite group permissions. +; +;[@adm] +;deny=all +;permit=sip +;permit=core +; +; +;[eliel] +;deny=all +;permit=sip show peer +;deny=sip show peers +;permit=core set +; +; +;User 'tommy' inherits from template 'supportTemplate': +; deny=all +; permit=sip show +; permit=core show +;[tommy](supportTemplate) +;permit=core set debug +;permit=dialplan show +; +; +;[mark] +;deny=all +;permit=all +; +; -- cgit v1.2.3