I use sudo to limit this. Cmnd_Alias CAPTAGENT = /sbin/service captagent stop, /sbin/service captagent start, /sbin/service captagent restart Cmnd_Alias ASTERISK = /sbin/service asterisk stop, /sbin/service asterisk start, /sbin/service asterisk restart, /usr/sbin/rasterisk, /usr/sbin/asterisk, /usr/sbin/tcpdump Cmnd_Alias EDITORS = /bin/nano, /etc/asterisk/[A-z]*, /usr/bin/vim /etc/asterisk/[A-z]*
%pbxadmin ALL = (root) NOEXEC: EDITORS, ASTERISK, CAPTAGENT This prevents my admin users from being able to spawn a shell or subprocess from vim, nano, and the asterisk console. On Tue, Aug 14, 2018 at 7:43 AM Olivier <[email protected]> wrote: > Hello, > > Is there a way to let someone access to Asterisk CLI and type whatever > command (s)he likes but the shell command (the ones started by !) ? > > Ideally, it could be an argument to rasterisk: > > rasterisk --no-shell > > When done, a session could be like this: > > > pjsip show endpoints > ... > > core reload > ... > > !rm /etc/foobar > Forbidden > > Suggestions ? > > Best regards > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. ---Heinlein
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
