fadey
2008-Oct-31 10:11 UTC
[asterisk-users] giving a user asterisk CLI access: how bad could it get
Hi, everyone

I'm investigating if I could give asterisk CLI access to one of our clients. If I add that user to asterisk group and set his shell to /usr/sbin/rasterisk, is there a possibility for a user to break out of asterisk CLI to normal shell?

Thanks in advance
Julien Claassen
2008-Oct-31 10:16 UTC
[asterisk-users] giving a user asterisk CLI access: how bad could it get
Hi!

I think I saw a command "!", which would escape to a shell. But I'm not sure. Unfortunately I can't look it up at the moment, because I compiled my asterisk for full debug. Just enter your CLI and type <TAB><TAB> at the prompt. I think I only saw this in the latest SVN. But your client could do anything with asterisk, even shutting it down.

Kindest regards
Julien

--------
Music was my first love and it will be my last (John Miles)

======== FIND MY WEB-PROJECT AT: =======
http://ltsb.sourceforge.net
the Linux TextBased Studio guide
======= AND MY PERSONAL PAGES AT: ======
http://www.juliencoder.de
Tzafrir Cohen
2008-Oct-31 11:28 UTC
[asterisk-users] giving a user asterisk CLI access: how bad could it get
On Fri, Oct 31, 2008 at 11:11:08AM +0100, fadey wrote:
> Hi, everyone
>
> I'm investigating if I could give asterisk CLI access to one of our
> clients.
> If I add that user to asterisk group and set his shell
> to /usr/sbin/rasterisk, is there a possibility for a user to break out
> of asterisk CLI to normal shell?

The shell is something that should be run at login time. Asterisk is not such a program. It will not be run directly anyway.

Set the shell to either /bin/sh (/bin/bash, /bin/dash, whatever) if you want to allow that user to log in, or to /bin/false if you don't.

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir