Yes: I never thought of using sudo to also forbid access some apps. Using it for that is very smart ! Thank you for sharing it here.
I'll experiment with this and report here my findings. Thanks again 2018-08-14 19:50 GMT+02:00 John Kiniston <johnkinis...@gmail.com>: > I use sudo to limit this. > > Cmnd_Alias CAPTAGENT = /sbin/service captagent stop, /sbin/service > captagent start, /sbin/service captagent restart > Cmnd_Alias ASTERISK = /sbin/service asterisk stop, /sbin/service asterisk > start, /sbin/service asterisk restart, /usr/sbin/rasterisk, > /usr/sbin/asterisk, /usr/sbin/tcpdump > Cmnd_Alias EDITORS = /bin/nano, /etc/asterisk/[A-z]*, /usr/bin/vim > /etc/asterisk/[A-z]* > > %pbxadmin ALL = (root) NOEXEC: EDITORS, ASTERISK, CAPTAGENT > > This prevents my admin users from being able to spawn a shell or > subprocess from vim, nano, and the asterisk console. > > On Tue, Aug 14, 2018 at 7:43 AM Olivier <oza.4...@gmail.com> wrote: > >> Hello, >> >> Is there a way to let someone access to Asterisk CLI and type whatever >> command (s)he likes but the shell command (the ones started by !) ? >> >> Ideally, it could be an argument to rasterisk: >> >> rasterisk --no-shell >> >> When done, a session could be like this: >> >> > pjsip show endpoints >> ... >> > core reload >> ... >> > !rm /etc/foobar >> Forbidden >> >> Suggestions ? >> >> Best regards >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> Check out the new Asterisk community forum at: >> https://community.asterisk.org/ >> >> New to Asterisk? Start here: >> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > > > -- > A human being should be able to change a diaper, plan an invasion, butcher > a hog, conn a ship, design a building, write a sonnet, balance accounts, > build a wall, set a bone, comfort the dying, take orders, give orders, > cooperate, act alone, solve equations, analyze a new problem, pitch manure, > program a computer, cook a tasty meal, fight efficiently, die gallantly. > Specialization is for insects. > ---Heinlein > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk. > org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
