Jerry Geis
2022-Jan-10 19:03 UTC
[asterisk-users] extensions.conf asterisk 18.8.0 question
I am trying to run this command: exten => _4XX,n,System(/usr/bin/rm /tmp/test.incoming.txt)>From the log:Executing [402 at smvoice-sip:7] System("SIP/103-00000018", "/usr/bin/rm /tmp/test.incoming.txt") in new stack Is "rm" not an allowed command - the above file is not removed. -rw-rw-rw- 1 silentm silentm 3 Jan 10 14:02 /tmp/test.incoming.txt Thanks! Jerry -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20220110/c5e6a84e/attachment.html>
Antony Stone
2022-Jan-10 19:10 UTC
[asterisk-users] extensions.conf asterisk 18.8.0 question
On Monday 10 January 2022 at 20:03:55, Jerry Geis wrote:> I am trying to run this command: > exten => _4XX,n,System(/usr/bin/rm /tmp/test.incoming.txt) > > From the log: > Executing [402 at smvoice-sip:7] System("SIP/103-00000018", "/usr/bin/rm > /tmp/test.incoming.txt") in new stack > > > Is "rm" not an allowed command - the above file is not removed. > -rw-rw-rw- 1 silentm silentm 3 Jan 10 14:02 /tmp/test.incoming.txt1. Does your asterisk instance run as user "silentm"? 2. What happens if you add the "-f" parameter to the "rm" command in the dialplan? 3. What does "sudo -u asteriskuser rm /tmp/test.incoming.txt" do, if you run it as the root user, and substituting whichever user your asterisk instance runs as in place of "asteriskuser"? Antony. -- A user interface is like a joke. If you have to explain it, it means it doesn't work. Please reply to the list; please *don't* CC me.
Michael Englehorn
2022-Jan-11 16:20 UTC
[asterisk-users] extensions.conf asterisk 18.8.0 question
If you're on RHEL or CentOS or one of its descendants, I would check if SELinux is enforcing (`sestatus` or `cat /etc/selinux/config` and look for "SELINUX=enforcing"), if it is, you'll probably need to create a policy to allow the Asterisk context to execute rm and/or delete files. I use `audit2why` and `audit2allow` in policycoreutils-devel (on CentOS) to generate SELinux policy modules. -Michael Englehorn ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, January 10th, 2022 at 1:03 PM, Jerry Geis <jerry.geis at gmail.com> wrote:> I am trying to run this command: > exten => _4XX,n,System(/usr/bin/rm /tmp/test.incoming.txt) >> From the log: > Executing [402 at smvoice-sip:7] System("SIP/103-00000018", "/usr/bin/rm /tmp/test.incoming.txt") in new stack >> Is "rm" not an allowed command - the above file is not removed. > -rw-rw-rw- 1 silentm silentm 3 Jan 10 14:02 /tmp/test.incoming.txt >> Thanks! >> Jerry-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20220111/fc4a72df/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: publickey - michael at englehorn.com - 0x8B2C043D.asc Type: application/pgp-keys Size: 1795 bytes Desc: not available URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20220111/fc4a72df/attachment.key> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 509 bytes Desc: OpenPGP digital signature URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20220111/fc4a72df/attachment.sig>