[asterisk-users] giving a user asterisk CLI access: how bad could it get

Jeff LaCoursiere jeff at jeff.net
Tue Nov 4 16:02:40 CST 2008

On Tue, 4 Nov 2008, Dima wrote:

> The person I'm giving the access to is an admin of that asterisk. It's
> up to him to do evil stuff with asterisk itself. as long as he can't get
> a shell and do "rm -rf /" I'm safe.

Hmm, I wonder if you could run asterisk in a jail?  Anyone done that on
FreeBSD for example?  That would solve your issues I think.  It would
certainly be difficult for your admin to "admin" asterisk without the CLI.
Depending on your flavor of GUI it may be difficult for him to admin
asterisk with shell access.

Without a jail, however, if you give him CLI access you are basically
giving him the machine, which seems to be the general consensus.

Has anyone ever tried to compile "!" out of the CLI?


More information about the asterisk-users mailing list