[asterisk-users] Is there a way to remove launching shell command from Asterisk CLI
oza.4h07 at gmail.com
Thu Aug 16 02:27:39 CDT 2018
Yes: I never thought of using sudo to also forbid access to some apps.
Using it for that is very smart!
Thank you for sharing it here.
I'll experiment with this and report my findings here.
2018-08-14 19:50 GMT+02:00 John Kiniston <johnkiniston at gmail.com>:
> I use sudo to limit this.
> Cmnd_Alias CAPTAGENT = /sbin/service captagent stop, /sbin/service captagent start, /sbin/service captagent restart
> Cmnd_Alias ASTERISK = /sbin/service asterisk stop, /sbin/service asterisk start, /sbin/service asterisk restart, /usr/sbin/rasterisk, /usr/sbin/asterisk, /usr/sbin/tcpdump
> Cmnd_Alias EDITORS = /bin/nano, /etc/asterisk/[A-z]*, /usr/bin/vim
> %pbxadmin ALL = (root) NOEXEC: EDITORS, ASTERISK, CAPTAGENT
> This prevents my admin users from being able to spawn a shell or
> subprocess from vim, nano, and the asterisk console.
> On Tue, Aug 14, 2018 at 7:43 AM Olivier <oza.4h07 at gmail.com> wrote:
>> Is there a way to let someone access the Asterisk CLI and type whatever
>> command (s)he likes but the shell commands (the ones started by !)?
>> Ideally, it could be an argument to rasterisk:
>> rasterisk --no-shell
>> When done, a session could be like this:
>> > pjsip show endpoints
>> > core reload
>> > !rm /etc/foobar
>> Suggestions?
>> Best regards
> A human being should be able to change a diaper, plan an invasion, butcher
> a hog, conn a ship, design a building, write a sonnet, balance accounts,
> build a wall, set a bone, comfort the dying, take orders, give orders,
> cooperate, act alone, solve equations, analyze a new problem, pitch manure,
> program a computer, cook a tasty meal, fight efficiently, die gallantly.
> Specialization is for insects.
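An added example, not part of the original thread: a small Python audit that expands `Cmnd_Alias` entries in a sudoers fragment and reports rules where a binary with a shell escape is granted without `NOEXEC`. The sample fragment, the `%helpdesk` rule and the `ESCAPE_CAPABLE` list are constructed for illustration; the parser is a simplification that covers only aliases, line continuation and `NOEXEC`/`EXEC` tag inheritance.

```python
import re

# Constructed sample (not from the thread): one rule tagged NOEXEC, one mixed.
SAMPLE = r"""
Cmnd_Alias ASTERISK = /usr/sbin/rasterisk, /usr/sbin/asterisk, \
                      /sbin/service asterisk restart
Cmnd_Alias EDITORS = /bin/nano, /usr/bin/vim
%pbxadmin ALL = (root) NOEXEC: EDITORS, ASTERISK
%helpdesk ALL = (root) /usr/sbin/rasterisk, NOEXEC: /usr/bin/vim, EXEC: /bin/nano
"""

# Assumption: binaries that can spawn a shell or subprocess on request
# (Asterisk CLI "!", editor shell escapes). Adjust to the local system.
ESCAPE_CAPABLE = {"/usr/sbin/rasterisk", "/usr/sbin/asterisk",
                  "/bin/nano", "/usr/bin/vim"}

def logical_lines(text):
    # Join backslash-continued lines, then drop blanks and comments.
    joined = re.sub(r"\\\n\s*", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def audit(text):
    """Return (who, binary) pairs granted without NOEXEC in effect."""
    aliases, findings = {}, []
    for line in logical_lines(text):
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)", line)
        if not m:
            continue
        who, noexec = m.group(1), False
        for spec in m.group(2).split(","):
            spec = spec.strip()
            # A tag prefixes a command and is inherited by the commands
            # that follow it until the opposite tag appears.
            while (t := re.match(r"([A-Z_]+):\s*", spec)):
                if t.group(1) in ("NOEXEC", "EXEC"):
                    noexec = t.group(1) == "NOEXEC"
                spec = spec[t.end():]
            for cmd in aliases.get(spec, [spec]):
                parts = cmd.split()
                if parts and parts[0] in ESCAPE_CAPABLE and not noexec:
                    findings.append((who, parts[0]))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On most systems sudo implements `NOEXEC` through the dynamic linker, so a statically linked binary is not constrained by it; the audit only checks that the tag is present.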