> If you are running the script from a web server, the script gets
> executed with the web server process permissions, hence, probably does
> not have access to /var/run/asterisk.ctl.
>
> You can give permissions to your web server, or better yet, dont
> execute the command using shell_exec, better open a socket connection
> to the Asterisk manager and execute Action: Command
> Command: extensions reload
Not that, in essense, this permits the web server's user to control
Asterisk as well - the web server's user must be able to read the
password from somewhere.
The only real benefit is if you can limit the permissions you give to
that specific manager user. But there's a limit to ohw useful this can
be. Even "write=command" alone allows changing the dialplan ('dialplan
add' / 'dialplan remove') and running an arbitrary command as the
asterisk user (originate a call to the application System).
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen@xorcom.com
+972-50-7952406 mailto:tzafrir.cohen@xorcom.com
iax:guest@local.xorcom.com/tzafrir
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
No comments:
Post a Comment