[asterisk-users] giving a user asterisk CLI access: how bad could it get
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Wed Nov 5 07:50:02 CST 2008
On Wed, Nov 05, 2008 at 06:37:09AM -0600, Jeff LaCoursiere wrote:
>
> On Wed, 5 Nov 2008, Tzafrir Cohen wrote:
>
> > On Tue, Nov 04, 2008 at 04:02:40PM -0600, Jeff LaCoursiere wrote:
> >
> > >
> > > Hmm, I wonder if you could run asterisk in a jail? Anyone done that on
> > > FreeBSD for example? That would solve your issues I think. It would
> > > certainly be difficult for your admin to "admin" asterisk without the CLI.
> > > Depending on your flavor of GUI it may be difficult for him to admin
> > > asterisk with shell access.
> >
> > I don't think Asterisk is a good candidate for chrooting. It re-reads
> > the config files in /etc on each reload. It will occasionally rotates
> > logs in /var/log/asterisk . Just to mention a few.
Not to mention loading modules dynamically, which also means that all
the dependent libraries need to be included in the relevant chroot
(unless you build Asterisk static)
> >
>
> These are trivial issues that would be part of the jail setup. Things
> like access to /proc or filesystem based pipes would worry me more.
/var/run/asterisk/asterisk.ctl ?
Though it is only open at startup.
> FreeBSD provides for some of this - don't know about Linux.
openvz / linux-vserver are quite similar.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list