Re: [asterisk-users] AMI Permissions, all means different things?
2012-09-07 16:13, David M. Lee skrev: On Sep 7, 2012, at 1:49 AM, Johan Wilfer wrote: Hi! I'm trying to limit the permissions for a AMI-account. But I'm a little bit confused by the permissions. The commands I use are (output from manager show commands, btw: privilege col seems cropped?): Yes, sadly it is. Action PrivilegeSynopsis Redirect call,all Redirect (transfer) a call. Originateoriginate,allOriginate a call. Getvar call,reporting, Gets a channel variable. If I put this in my manager.conf: [pbx_ami] secret = *** deny=0.0.0.0/0.0.0.0 permit = x.x.x.x/255.255.255.255 write=originate,call read= I get this (manager show user pbx_ami): username: pbx_ami secret: Set acl: yes read perm: none write perm: call,originate,all displayconnects: yes Where does the all permission come from? Probably just a bug in the 'manager show user' command. The user doesn't have all the permissions, so 'all' shouldn't show up in the list. If it's not already in the issue tracker, please file a bug[1]. [1]: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines However, If I change the row in manager.conf to write=originate,call,all the output is: username: pbx_ami secret: Set acl: yes read perm: none write perm: system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all displayconnects: yes Can someone explain this please? This is at least looks correct. The 'all' permission is a superset of, well, all the permissions. The 'write=all' line in manager.conf assigns all of these permissions to the user. Thanks! -- Johan Wilfer Thank you David for the feedback. I reported the following bugs: https://issues.asterisk.org/jira/browse/ASTERISK-20397 (all bug) https://issues.asterisk.org/jira/browse/ASTERISK-20396 (cropped col) -- Johan Wilfer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] AMI Permissions, all means different things?
On Sep 10, 2012, at 2:38 AM, Johan Wilfer wrote: Thank you David for the feedback. I reported the following bugs: https://issues.asterisk.org/jira/browse/ASTERISK-20397 (all bug) https://issues.asterisk.org/jira/browse/ASTERISK-20396 (cropped col) Thanks! -- David M. Lee Digium, Inc. | Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] AMI Permissions, all means different things?
Hi! I'm trying to limit the permissions for a AMI-account. But I'm a little bit confused by the permissions. The commands I use are (output from manager show commands, btw: privilege col seems cropped?): Action PrivilegeSynopsis Redirect call,all Redirect (transfer) a call. Originateoriginate,allOriginate a call. Getvar call,reporting, Gets a channel variable. If I put this in my manager.conf: [pbx_ami] secret = *** deny=0.0.0.0/0.0.0.0 permit = x.x.x.x/255.255.255.255 write=originate,call read= I get this (manager show user pbx_ami): username: pbx_ami secret: Set acl: yes read perm: none write perm: call,originate,all displayconnects: yes Where does the all permission come from? However, If I change the row in manager.conf to write=originate,call,all the output is: username: pbx_ami secret: Set acl: yes read perm: none write perm: system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all displayconnects: yes Can someone explain this please? Thanks! -- Johan Wilfer -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] AMI Permissions, all means different things?
On Sep 7, 2012, at 1:49 AM, Johan Wilfer wrote: Hi! I'm trying to limit the permissions for a AMI-account. But I'm a little bit confused by the permissions. The commands I use are (output from manager show commands, btw: privilege col seems cropped?): Yes, sadly it is. Action PrivilegeSynopsis Redirect call,all Redirect (transfer) a call. Originateoriginate,allOriginate a call. Getvar call,reporting, Gets a channel variable. If I put this in my manager.conf: [pbx_ami] secret = *** deny=0.0.0.0/0.0.0.0 permit = x.x.x.x/255.255.255.255 write=originate,call read= I get this (manager show user pbx_ami): username: pbx_ami secret: Set acl: yes read perm: none write perm: call,originate,all displayconnects: yes Where does the all permission come from? Probably just a bug in the 'manager show user' command. The user doesn't have all the permissions, so 'all' shouldn't show up in the list. If it's not already in the issue tracker, please file a bug[1]. [1]: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines However, If I change the row in manager.conf to write=originate,call,all the output is: username: pbx_ami secret: Set acl: yes read perm: none write perm: system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all displayconnects: yes Can someone explain this please? This is at least looks correct. The 'all' permission is a superset of, well, all the permissions. The 'write=all' line in manager.conf assigns all of these permissions to the user. Thanks! -- Johan Wilfer -- David M. Lee Digium, Inc. | Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users