ASTERISK-20397: "manager show user <user>" shows the "all" permission despite it not being set

[Home]

Summary: ASTERISK-20397: "manager show user <user>" shows the "all" permission despite it not being set

Reporter: Johan Wilfer (johan) Labels:

Date Opened: 2012-09-10 02:34:57 Date Closed: 2013-02-24 10:28:18.000-0600

Priority: Minor Regression? No

Status: Closed/Complete Components: Core/ManagerInterface

Versions: 1.8.15.1 Frequency of
Occurrence Frequent

Related
Issues:

Environment: Attachments:

Description: If I put this in my manager.conf:

{noformat}
[pbx_ami]
secret = ***
deny=0.0.0.0/0.0.0.0
permit = x.x.x.x/255.255.255.255
write=originate,call
read=
{noformat}

I get this ("manager show user pbx_ami"):

{noformat}
username: pbx_ami
secret: <Set>
acl: yes
read perm: <none>
write perm: call,originate,all
displayconnects: yes
{noformat}

Notice the "all"-permission in the output, but not present in the config.

Comments: By: Rusty Newton (rnewton) 2012-09-15 14:43:06.950-0500

That looks odd. Can you provide your entire manager.conf (sanitized of course)?

What happens when you don't define any permissions for "write=" ?

By: Johan Wilfer (johan) 2012-09-15 15:19:26.418-0500

manager.conf
{noformat}
[general]
enabled = yes
port = 5038
bindaddr = 127.0.0.1

[pbx_ami]
secret = ***
deny=0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
write=originate,call
read=
{noformat}

If I remove the write-line, and restart asterisk (sidenote: reload will not remove the previous write permission, but restart will). Also if I change the write-line to "write=", I get the same output.:
{noformat}
pbx1*CLI> manager show user pbx_ami

username: pbx_ami
secret: <Set>
acl: yes
read perm: <none>
write perm: <none>
displayconnects: yes
{noformat}

If I alter the write-line to "write=all", and reload:
{noformat}
pbx1*CLI> manager show user pbx_ami

username: pbx_ami
secret: <Set>
acl: yes
read perm: <none>
write perm: system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate,agi,cc,aoc,test,all
displayconnects: yes
{noformat}
By: Rusty Newton (rnewton) 2012-09-15 17:03:56.970-0500

I suppose this line "write=originate,callwrite=all" in your comment above is a typo within the comment?

Thanks for the extra information. I'd also be interested if you could get similar behavior with "read="
By: Johan Wilfer (johan) 2012-09-16 01:34:49.746-0500

Yes, you're right. I must accidentally have pasted this line into the config block. Edited and corrected now.

I see the same thing with read. For example, this config:
{noformat}
write=
read=originate,call
{noformat}

Gives:
{noformat}
read perm: call,originate,all
write perm: <none>
{noformat}

By: Johan Wilfer (johan) 2012-09-19 07:04:43.495-0500

Should this issue really be assigned to me?
By: Richard Mudgett (rmudgett) 2012-09-19 11:24:52.680-0500

It is a quirk of how the "Waiting For Feedback" state works when the issue is unassigned when put into the feedback state.