User base isdnlog config file
This file is only needed if isdnlog is started with the "-xX" / "xisdn=" option. If this file does not exist, isdnlog will create a default file and print a warning. This file contains information about which users are permitted to use isdnlog clients, and what their privileges are. This file is checked every time a connection to isdnlog is made; thus, it is possible to edit this file and have the changes effective immediately without having to stop and start isdnlog.
For now there are no real usable clients for isdnlog, so this file isn't very useful at the moment.
Warning: the format of this file may change in the future.
Blank lines are ignored. If a line has a "#", this char and the rest of the line is ignored as comment. If the last char of a line is a " line and the next line are considered one line. These characters are considered special: "$@#,;
The file consists of lines; each line begins with the name of a user. After the user's name the privileges given to this user are specified (on the same line). The following privileges are possible, separated by semicolons ";" :
ALL
All of the privileges below are given. Should only be given to root.
MSN=msn[,msn...]
Only information about events concerning the specified msns is given. This includes incoming and outgoing calls, and protocol information. Any number of msns may be given. Wildcards (such as used in isdn.conf) are permitted. With "MSN=*" all msns are allowed.
Unknown numbers (e.g. from outgoing calls from other isdn devices or incoming calls from analog connections) cannot be specified with MSN=. The only way to allow these calls to be seen is by giving "MSN=*".
PROTOCOL
The information specified to isdnlog by the -xX flag (see isdnlog(8)) is allowed.
I4LCONF (planned)
This gives permission to change isdn4linux properties. This should only be allowed to root.
ADDRESSBOOK (planned)
This makes it possible to retrieve / store information about a caller or called number.
Users
At the beginning of the file it is possible to specify users with hostnames:
[email protected] MSN=4711? [email protected] ALL
Here the user "fred" can only connect to isdnlog from the host "vom.jupiter". Similarly, the user "root" is only allowed when on host "host1.at.home".
Groups
After the lines with hostnames, it is possible to define groups of users and hostnames. A group looks like a section as described in isdn.conf(5). It begins with a line such as:
[My_Group]
and ends with the beginning of the next group or the end of the file. Group names are not case sensitive. In fact, group names are not actually used (except for [world], see below).
In a group, lines consist of a username or a hostname. Lines with a username must also contain those privileges that the user has. No privileges can be listed with a hostname.
heinz MSN=*;PROTOCOL @host1 @host2 otto MSN=47111,47112 @host3
The above example allows the users heinz and otto to connect from any of the hosts host1, host2 and host3. The user heinz can see information about all msns, user otto can only see information about msns 47111 and 47112.
If anyone is allowed to do anything, then it is enough to put only the following line into the file "isdnlog.users":
[world]
/etc/isdn/isdnlog.users
This file.
isdnlog(1)
This manual page was written by Andreas Jellinghaus <[email protected]>, for Debian GNU/Linux and isdn4linux.