Hi, I configured Asterisk to run as "asterisk" user, but I see that a user can anyway get a root sheet using !command in CLI. I understood that it's something related to safe_asterisk and TTY console, but modifying the script safe_asterisk I wasn't able to disable this root access. Can someone help me? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070212/30934142/attachment-0001.htm
On Mon, Feb 12, 2007 at 10:36:51AM +0100, jeremij jerome wrote:> Hi, > > I configured Asterisk to run as "asterisk" user, but I see that a user can > anyway get a root sheet using !command in CLI. I understood that it's > something related to safe_asterisk and TTY console, but modifying the script > safe_asterisk I wasn't able to disable this root access. > > Can someone help me?Why exactly do you need it? That '!' is only an escape to the shell of the user who runs asterisk -r. It is not an actual command sent over the socket. -- Tzafrir Cohen icq#16849755 jabber:tzafrir@jabber.org +972-50-7952406 mailto:tzafrir.cohen@xorcom.com http://www.xorcom.com iax:guest@local.xorcom.com/tzafrir
Try changing the shell for the asterisk user to /bin/false. This should disallow anything passed through the ! command since it runs the command via the shell for the asterisk user. jeremij jerome wrote:> Hi, > > I configured Asterisk to run as "asterisk" user, but I see that a user > can anyway get a root sheet using !command in CLI. I understood that > it's something related to safe_asterisk and TTY console, but modifying > the script safe_asterisk I wasn't able to disable this root access. > > Can someone help me? > > Thanks.
You have people administering your asterisk server who you wouldn't trust with access to the machine? EEEK. On 2/12/07, jeremij jerome <jeremij@gmail.com> wrote:> > Hi, > > I configured Asterisk to run as "asterisk" user, but I see that a user can > anyway get a root sheet using !command in CLI. I understood that it's > something related to safe_asterisk and TTY console, but modifying the script > safe_asterisk I wasn't able to disable this root access. > > Can someone help me? > > Thanks. > > > > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070212/2b175a7e/attachment-0001.htm