asterisk/configs/samples/cli_permissions.conf.sample

83 lines
2.4 KiB
Plaintext
Raw Normal View History

2023-05-25 18:45:57 +00:00
;
; CLI permissions configuration example for Asterisk
;
; All the users that you want to connect with asterisk using
; rasterisk, should have write/read access to the
; asterisk socket (asterisk.ctl). You could change the permissions
; of this file in 'asterisk.conf' config parameter: 'astctlpermissions' (0666)
; found on the [files] section.
;
; general options:
;
; default_perm = permit | deny
; This is the default permissions to apply for a user that
; does not has a permissions defined.
;
; user options:
; permit = <command name> | all ; allow the user to run 'command' |
; ; allow the user to run 'all' the commands
; deny = <command name> | all ; disallow the user to run 'command' |
; ; disallow the user to run 'all' commands.
;
[general]
default_perm=permit ; To leave asterisk working as normal
; we should set this parameter to 'permit'
;
; Follows the per-users permissions configs.
;
; This list is read in the sequence that is being written, so
; In this example the user 'eliel' is allow to run only the following
; commands:
; sip show peer
; core set debug
; core set verbose
; If the user is not specified, the default_perm option will be apply to
; every command.
;
; Notice that you can also use regular expressions to allow or deny access to a
; certain command like: 'core show application D*'. In this example the user will be
; allowed to view the documentation for all the applications starting with 'D'.
; Another regular expression could be: 'channel originate SIP/[0-9]* extension *'
; allowing the user to use 'channel originate' on a sip channel and with the 'extension'
; parameter and avoiding the use of the 'application' parameter.
;
; We can also use the templates syntax:
; [supportTemplate](!)
; deny=all
; permit=sip show ; all commands starting with 'sip show' will be allowed
; permit=core show
;
; You can specify permissions for a local group instead of a user,
; just put a '@' and we will know that is a group.
; IMPORTANT NOTE: Users permissions overwrite group permissions.
;
;[@adm]
;deny=all
;permit=sip
;permit=core
;
;
;[eliel]
;deny=all
;permit=sip show peer
;deny=sip show peers
;permit=core set
;
;
;User 'tommy' inherits from template 'supportTemplate':
; deny=all
; permit=sip show
; permit=core show
;[tommy](supportTemplate)
;permit=core set debug
;permit=dialplan show
;
;
;[mark]
;deny=all
;permit=all
;
;