[asterisk-users] Is there a way to remove launching shell command from Asterisk CLI
johnkiniston at gmail.com
Tue Aug 14 12:50:38 CDT 2018
I use sudo to limit this.
Cmnd_Alias CAPTAGENT = /sbin/service captagent stop, /sbin/service
captagent start, /sbin/service captagent restart
Cmnd_Alias ASTERISK = /sbin/service asterisk stop, /sbin/service asterisk
start, /sbin/service asterisk restart, /usr/sbin/rasterisk,
Cmnd_Alias EDITORS = /bin/nano, /etc/asterisk/[A-z]*, /usr/bin/vim
%pbxadmin ALL = (root) NOEXEC: EDITORS, ASTERISK, CAPTAGENT
This prevents my admin users from being able to spawn a shell or subprocess
from vim, nano, and the asterisk console.
On Tue, Aug 14, 2018 at 7:43 AM Olivier <oza.4h07 at gmail.com> wrote:
> Is there a way to let someone access to Asterisk CLI and type whatever
> command (s)he likes but the shell command (the ones started by !) ?
> Ideally, it could be an argument to rasterisk:
> rasterisk --no-shell
> When done, a session could be like this:
> > pjsip show endpoints
> > core reload
> > !rm /etc/foobar
> Suggestions ?
> Best regards
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> Check out the new Asterisk community forum at:
> New to Asterisk? Start here:
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
A human being should be able to change a diaper, plan an invasion, butcher
a hog, conn a ship, design a building, write a sonnet, balance accounts,
build a wall, set a bone, comfort the dying, take orders, give orders,
cooperate, act alone, solve equations, analyze a new problem, pitch manure,
program a computer, cook a tasty meal, fight efficiently, die gallantly.
Specialization is for insects.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-users