Thanks Lonnie. You are a star!
I will give it a try.

Regards
Michael Knill

-----Original Message-----
From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Monday, 29 May 2017 at 11:29 pm
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] Restricted Shell

Michael,

The problem running 'asterisk -rx ...' is a user's permissions issue, not rbash 
per se.

pbx ~ # sudo -u staff asterisk -rx 'sip show peers'
Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl exist?)

This is probably a good thing :-)

Here is something I created for you to play with, a PHP script wrapper to make 
Asterisk command calls using AMI ...
(I recall Michael Keuter was interested in something like this as well)

asterisk-command
https://abelbeck.com/lonnie/share/asterisk-command.tar.gz

Place it into /mnt/kd/rbin/ and your rbash users will have access to it.

While I spent a little more time on this than I intended, it's not production 
ready until it is tested more.

It should be clear how to add/remove allowed commands, be sure to update the 
"usage" as well.

Lonnie

Example:
--
pbx [staff] $ asterisk-command 
Usage: asterisk-command command_string

Allowed command strings:
  'core show channels'   - Display information on channels
  'dahdi show status'    - Show all DAHDI cards status
  'sip show peers'       - List defined SIP peers
  'sip show registry'    - List SIP registration status
  'voicemail show users' - List defined voicemail boxes
--



On May 28, 2017, at 11:45 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Thanks Lonnie.
> 
> I'm actually trying to run asterisk -xr within a script and it comes up with 
> ‘Unable to connect to remote asterisk (does /var/run/asterisk/asterisk.ctl 
> exist?)’
> Any ideas? I have PATH="/usr/bin:/usr/sbin:/bin:/var/run/asterisk"
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Monday, 29 May 2017 at 1:02 pm
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] Restricted Shell
> 
> Hi Michael,
> 
>> wondering if it's possible to run a script within the restricted shell that 
>> contains commands not accessible by the restricted shell?
> 
> Yes, for example I created a "restricted" grep in /usr/rbin/grep, take a look.
> 
> As long as your script doesn't start out with "#!/bin/rbash" as the first 
> line you can change the PATH and do non-rbash things.
> 
> Place your custom script in /mnt/kd/rbin and your /bin/rbash users will 
> automatically have access to it.
> 
> Just be very careful so you don't create a backdoor, or allow rbash users to 
> view files, etc.
> 
> Lonnie
> 
> 
> 
> 
> On May 28, 2017, at 7:59 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
>> Hi group
>> 
>> Well I have just updated my Build system to Asterisk 13 and 1.2.10.
>> I'm interested in playing with the Restricted Shell and wondering if it's 
>> possible to run a script within the restricted shell that contains commands 
>> not accessible by the restricted shell?
>> 
>> Regards
>> Michael Knill
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
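
Added example, not part of the thread and not the asterisk-command script linked above: a minimal allowlist gate of the kind a wrapper in /mnt/kd/rbin needs so that it does not become a backdoor. The function names and the `backend` that calls `asterisk -rx` are assumptions (the thread's script talks to AMI from PHP instead); the test inputs are constructed.

```shell
#!/bin/sh
# Added example, not the asterisk-command script from the thread.
# The first line is not "#!/bin/rbash", so the script may set its own PATH.
PATH="/usr/bin:/usr/sbin:/bin"; export PATH   # fixed value, never the caller's

# Succeeds only for exactly one argument that equals an allowed string.
# Exact match: no prefixes, no extra words, no trailing whitespace.
is_allowed() {
  [ "$#" -eq 1 ] || return 1
  case "$1" in
    'core show channels')   return 0 ;;
    'dahdi show status')    return 0 ;;
    'sip show peers')       return 0 ;;
    'sip show registry')    return 0 ;;
    'voicemail show users') return 0 ;;
  esac
  return 1
}

# Hypothetical backend: assumes the wrapper runs with enough permission to
# reach Asterisk. The command string is passed as ONE quoted argument.
backend() { asterisk -rx "$1"; }

# Gate: validate first, run second. No eval, no unquoted expansion.
run_command() {
  if ! is_allowed "$@"; then
    echo "asterisk-command: command not allowed" >&2
    return 1
  fi
  backend "$1"
}

# Constructed inputs: print the gate's verdict without calling the backend.
demo() {
  for s in 'sip show peers' 'sip show peers; id' 'sip show peers ' \
           'core show channels concise' 'core stop now'; do
    if is_allowed "$s"; then echo "allow: [$s]"; else echo "deny:  [$s]"; fi
  done
}
demo
```

Only the first constructed input is accepted; anything that is not byte-for-byte one of the allowed strings is refused before the backend is reached.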