On Sun, Sep 05, 2004 at 11:52:13PM +0200, Roland Zagler wrote:
> Hello!
>
> I want to use "asterisk -rx "show version"" from a php script called in
> the browser using the local apache, which runs as user "apache".
> Asterisk is running as root.
>
> I added the following line to /etc/sudoers using visudo:
>
> apache ALL = NOPASSWD: /usr/sbin/asterisk

This should allow the user group known as "apache" to sudo to run the
command "/usr/sbin/asterisk" (without any additional parameters).

This is surely not what you want. Unless you want apache to be able to
initiate starting an extra asterisk (or a DoS attack?)

This is what you should put in sudoers:

  apache localhost = NOPASSWD: /usr/sbin/asterisk -rx 'show version'

You should consider putting it in an external script if you feel that
the command is getting too complex.

And then you run it just as before, by executing
"sudo /usr/sbin/asterisk -rx 'show version'" by the user apache.

As for whether a direct tcp connection is better here: sorry: I have no
idea. One thing, though: if you are afraid of any local user that can
execute arbitrary code, that local user would be able to use the tcp
interface in much nicer ways, right?

-- 
Tzafrir Cohen
http://www.technion.ac.il/~tzafrir/
vim is a mutt's best friend
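An added example, not part of the thread: a small audit that reports how tightly each sudoers rule constrains command arguments, run over the two rules quoted above plus two constructed variants. Per the sudoers manual, a bare path lets the caller supply any arguments and `""` permits none; the names `classify` and `audit` and the sample text are assumptions made for illustration, and the parser handles only simple one-line user specifications.

```python
import re

# Constructed sample: the two rules from the thread plus two variants.
SAMPLE = """\
# web server may query the PBX
apache ALL = NOPASSWD: /usr/sbin/asterisk
apache localhost = NOPASSWD: /usr/sbin/asterisk -rx 'show version'
apache localhost = NOPASSWD: /usr/sbin/asterisk ""
apache localhost = NOPASSWD: /usr/sbin/asterisk -rx *
"""

SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.+)$")
PREFIX = re.compile(r"^(?:\([^)]*\)\s*|[A-Z_]+:\s*)+")  # (runas) and TAG: prefixes

def classify(cmnd):
    """Return how tightly one sudoers Cmnd constrains its arguments."""
    path, _, args = cmnd.strip().partition(" ")
    args = args.strip()
    if path == "ALL":
        return "any-command"
    if not args:
        return "any-args"       # bare path: the caller chooses the arguments
    if args == '""':
        return "no-args"        # "" permits the command only without arguments
    if re.search(r"[*?\[]", args):
        return "wildcard-args"  # pattern match, wider than it usually looks
    return "fixed-args"

def audit(text):
    """Return (line_no, user, host, cmnd, verdict) per command in each rule."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = SPEC.match(line)
        if not m:
            continue
        user, host, rest = m.groups()
        for cmnd in re.split(r"(?<!\\),", rest):
            cmnd = PREFIX.sub("", cmnd.strip())
            findings.append((no, user, host, cmnd, classify(cmnd)))
    return findings

if __name__ == "__main__":
    for no, user, host, cmnd, verdict in audit(SAMPLE):
        print(f"line {no}: {user}@{host} {verdict:13} {cmnd}")
```

Rules reported as `any-command`, `any-args` or `wildcard-args`, or with host `ALL`, are the ones to review before handing them to a web-server account.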
