[asterisk-users] Is there a way to remove launching shell command from Asterisk CLI

John Kiniston johnkiniston at gmail.com
Tue Aug 14 12:50:38 CDT 2018

I use sudo to limit this.

Cmnd_Alias CAPTAGENT = /sbin/service captagent stop, /sbin/service
captagent start, /sbin/service captagent restart
Cmnd_Alias ASTERISK = /sbin/service asterisk stop, /sbin/service asterisk
start, /sbin/service asterisk restart, /usr/sbin/rasterisk,
/usr/sbin/asterisk, /usr/sbin/tcpdump
Cmnd_Alias EDITORS = /bin/nano, /etc/asterisk/[A-z]*, /usr/bin/vim


This prevents my admin users from being able to spawn a shell or subprocess
from vim, nano, and the asterisk console.

On Tue, Aug 14, 2018 at 7:43 AM Olivier <oza.4h07 at gmail.com> wrote:

> Hello,
> Is there a way to let someone access to Asterisk CLI and type whatever
> command (s)he likes but the shell command (the ones started by !) ?
> Ideally, it could be an argument to rasterisk:
> rasterisk --no-shell
> When done, a session could be like this:
> > pjsip show endpoints
> ...
> > core reload
> ...
> > !rm /etc/foobar
> Forbidden
> Suggestions ?
> Best regards
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
> New to Asterisk? Start here:
>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

A human being should be able to change a diaper, plan an invasion, butcher
a hog, conn a ship, design a building, write a sonnet, balance accounts,
build a wall, set a bone, comfort the dying, take orders, give orders,
cooperate, act alone, solve equations, analyze a new problem, pitch manure,
program a computer, cook a tasty meal, fight efficiently, die gallantly.
Specialization is for insects.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20180814/bf39e6b9/attachment.html>

More information about the asterisk-users mailing list