[asterisk-users] giving a user asterisk CLI access: how bad could it get
jeff at jeff.net
Wed Nov 5 06:37:09 CST 2008
On Wed, 5 Nov 2008, Tzafrir Cohen wrote:
> On Tue, Nov 04, 2008 at 04:02:40PM -0600, Jeff LaCoursiere wrote:
> > Hmm, I wonder if you could run asterisk in a jail? Anyone done that on
> > FreeBSD for example? That would solve your issues I think. It would
> > certainly be difficult for your admin to "admin" asterisk without the CLI.
> > Depending on your flavor of GUI it may be difficult for him to admin
> > asterisk with shell access.
> I don't think Asterisk is a good candidate for chrooting. It re-reads
> the config files in /etc on each reload. It will occasionally rotates
> logs in /var/log/asterisk . Just to mention a few.
These are trivial issues that would be part of the jail setup. Things
like access to /proc or filesystem based pipes would worry me more.
FreeBSD provides for some of this - don't know about Linux.
More information about the asterisk-users