[asterisk-users] giving a user asterisk CLI access: how bad could it get

Alexander Lopez Alex.Lopez at OpSys.com
Sat Nov 1 18:52:41 CDT 2008


No need to compile "!" out of asterisk source....

Just put SHELL=/bin/false in your login script....

The ! command will not work...

Alex


 Kindly consider the environment before printing this e-mail.


> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-
> bounces at lists.digium.com] On Behalf Of Jeff LaCoursiere
> Sent: Friday, October 31, 2008 9:52 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] giving a user asterisk CLI access: how bad
> could it get
> 
> 
> I think everyone is missing the point of the question.  He wants to know
> if the user's shell is set to rasterisk, can they then use the CLI to get
> a command shell.
> 
> The answer is "yes, they can", and in that case it may not be such a
> good idea.  As someone else suggested, you can run a shell with "!".  I
> imagine this could be compiled out of the CLI if you were so inclined.
> 
> j
> 
> On Sat, 1 Nov 2008, Tzafrir Cohen wrote:
> 
> > On Sat, Nov 01, 2008 at 12:38:52AM +0100, Dima wrote:
> > > Setting the user's shell to /usr/sbin/rasterisk works. On login user
> > > gets into asterisk CLI if asterisk is running (user just has to have
> > > write permission to /var/lib/asterisk.*).
> >
> > How does that user "login"?
> >
> > --
> >                Tzafrir Cohen
> > icq#16849755              jabber:tzafrir.cohen at xorcom.com
> > +972-50-7952406           mailto:tzafrir.cohen at xorcom.com
> > http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
> >
> > _______________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > *** Handled by Will's new toy ***
> >
> 
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users


More information about the asterisk-users mailing list