Is There A Way To Remove Launching Shell Command From Asterisk CLI

Home » Asterisk Users » Is There A Way To Remove Launching Shell Command From Asterisk CLI
Asterisk Users 2 Comments

Hello,

Is there a way to let someone access to Asterisk CLI and type whatever command (s)he likes but the shell command (the ones started by !) ?

Ideally, it could be an argument to rasterisk:

rasterisk –no-shell

When done, a session could be like this:


… Forbidden

Suggestions ?

Best regards

2 thoughts on - Is There A Way To Remove Launching Shell Command From Asterisk CLI

  • I use sudo to limit this.

    Cmnd_Alias CAPTAGENT = /sbin/service captagent stop, /sbin/service captagent start, /sbin/service captagent restart Cmnd_Alias ASTERISK = /sbin/service asterisk stop, /sbin/service asterisk start, /sbin/service asterisk restart, /usr/sbin/rasterisk,
    /usr/sbin/asterisk, /usr/sbin/tcpdump Cmnd_Alias EDITORS = /bin/nano, /etc/asterisk/[A-z]*, /usr/bin/vim
    /etc/asterisk/[A-z]*

    %pbxadmin ALL = (root) NOEXEC: EDITORS, ASTERISK, CAPTAGENT

    This prevents my admin users from being able to spawn a shell or subprocess from vim, nano, and the asterisk console.

  • Yes: I never thought of using sudo to also forbid access some apps. Using it for that is very smart !
    Thank you for sharing it here.

    I’ll experiment with this and report here my findings. Thanks again

    2018-08-14 19:50 GMT+02:00 John Kiniston :