Re: [asterisk-users] AMI Permissions, "all" means different things?

Mon, 10 Sep 2012 00:38:45 -0700 

2012-09-07 16:13, David M. Lee skrev:

On Sep 7, 2012, at 1:49 AM, Johan Wilfer wrote:


Hi!

I'm trying to limit the permissions for a AMI-account. But I'm a little bit confused by 
the permissions. The commands I use are (output from "manager show commands", 
btw: privilege col seems cropped?):


Yes, sadly it is.


  Action           Privilege        Synopsis
  Redirect         call,all         Redirect (transfer) a call.
  Originate        originate,all    Originate a call.
  Getvar           call,reporting,  Gets a channel variable.


If I put this in my manager.conf:

[pbx_ami]
secret = ***
deny=0.0.0.0/0.0.0.0
permit = x.x.x.x/255.255.255.255
write=originate,call
read=


I get this ("manager show user pbx_ami"):

       username: pbx_ami
         secret: <Set>
            acl: yes
      read perm: <none>
     write perm: call,originate,all
displayconnects: yes

Where does the "all" permission come from?


Probably just a bug in the 'manager show user' command. The user doesn't have 
all the permissions, so 'all' shouldn't show up in the list. If it's not 
already in the issue tracker, please file a bug[1].

  [1]: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines


However, If I change the row in manager.conf to "write=originate,call,all" the 
output is:

       username: pbx_ami
         secret: <Set>
            acl: yes
      read perm: <none>
     write perm: 
system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all
displayconnects: yes

Can someone explain this please?


This is at least looks correct. The 'all' permission is a superset of, well, 
all the permissions. The 'write=all' line in manager.conf assigns all of these 
permissions to the user.


Thanks!

--
Johan Wilfer




Thank you David for the feedback.

I reported the following bugs:

https://issues.asterisk.org/jira/browse/ASTERISK-20397 (all bug)
https://issues.asterisk.org/jira/browse/ASTERISK-20396 (cropped col)


--
Johan Wilfer

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
              http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to