> Am 29.05.2017 um 15:29 schrieb Lonnie Abelbeck <li...@lonnie.abelbeck.com>: > > Michael, > > The problem running 'asterisk -rx ...' is a user's permissions issue, not > rbash per se. > > pbx ~ # sudo -u staff asterisk -rx 'sip show peers' > Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl > exist?) > > This is probably a good thing :-) > > Here is something I created for you to play with, a PHP script wrapper to > make Asterisk command calls using AMI ... > (I recall Michael Keuter was interested in something like this as well) > > asterisk-command > https://abelbeck.com/lonnie/share/asterisk-command.tar.gz > > Place it into /mnt/kd/rbin/ and your rbash users will have access to it. > > While I spent a little more time on this than I intended, it's not production > ready until it is tested more. > > It should be clear how to add/remove allowed commands, be sure to update the > "usage" as well. > > Lonnie > > Example: > -- > pbx [staff] $ asterisk-command > Usage: asterisk-command command_string > > Allowed command strings: > 'core show channels' - Display information on channels > 'dahdi show status' - Show all DAHDI cards status > 'sip show peers' - List defined SIP peers > 'sip show registry' - List SIP registration status > 'voicemail show users' - List defined voicemail boxes > --
Hi Lonnie, interesting approach :-), I haven't tested it yet. What would be interesting, apart from these commands, would be getting "simple" the Asterisk console "dialplan output" for simple troubleshooting. > On May 28, 2017, at 11:45 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > >> Thanks Lonnie. >> >> Im actually trying to run asterisk –xr within a script and it comes up with >> ‘Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl >> exist?)’ >> Any ideas? I have PATH="/usr/bin:/usr/sbin:/bin:/var/run/asterisk" >> >> Regards >> Michael Knill >> >> -----Original Message----- >> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> >> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> >> Date: Monday, 29 May 2017 at 1:02 pm >> To: AstLinux List <astlinux-users@lists.sourceforge.net> >> Subject: Re: [Astlinux-users] Restricted Shell >> >> Hi Michael< >> >>> wondering if its possible to run a script within the restricted shell that >>> contains commends not accessible by the restricted shell? >> >> Yes, for example I created a "restricted" grep in /usr/rbin/grep, take a >> look. >> >> As long as your script doesn't start out with "#!/bin/rbash" as the first >> line you can change the PATH and do non-rbash things. >> >> Place your custom script in /mnt/kd/rbin and your /bin/rbash users will >> automatically have access to it. >> >> Just be very careful so you don't create a backdoor, or allow rbash users to >> view files, etc. . >> >> Lonnie >> >> >> >> >> On May 28, 2017, at 7:59 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >>> Hi group >>> >>> Well I have just updated my Build system to Asterisk 13 and 1.2.10. >>> Im interested in playing with the Restricted Shell and wondering if its >>> possible to run a script within the restricted shell that contains commends >>> not accessible by the restricted shell? >>> >>> Regards >>> Michael Knill >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. Michael http://www.mksolutions.info ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
