Is there a way to create a limited Linux user and decide on the commands they could run? For example, only allow them to run a list of commands found in a certain file?
fwconsole chown
yum update -y
fwconsole ma upgradeall
Do I need an Asterisk restart for this to take place, you think? At the bottom of /etc/sudoers I have the following:
tech ALL= /usr/sbin/fwconsole chown,/usr/bin/yum update,/usr/sbin/fwconsole ma upgradeall
but when I run one of the commands logged in as tech I see the following:
[tech@freepbx ~]$ fwconsole chown
PHP Warning: include_once(/etc/freepbx.conf): failed to open stream: Permission denied in /var/lib/asterisk/bin/fwconsole on line 12
PHP Warning: include_once(): Failed opening '/etc/freepbx.conf' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/lib/asterisk/bin/fwconsole on line 12
PHP Fatal error: Class 'Symfony\Component\Console\Application' not found in /var/www/html/admin/libraries/FWApplication.class.php on line 11
[tech@freepbx ~]$ fwconsole ma upgradeall
PHP Warning: include_once(/etc/freepbx.conf): failed to open stream: Permission denied in /var/lib/asterisk/bin/fwconsole on line 12
PHP Warning: include_once(): Failed opening '/etc/freepbx.conf' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/lib/asterisk/bin/fwconsole on line 12
PHP Fatal error: Class 'Symfony\Component\Console\Application' not found in /var/www/html/admin/libraries/FWApplication.class.php on line 11
Matching Defaults entries for tech on freepbx:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS
DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS
LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY
LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User tech may run the following commands on freepbx:
(root) /usr/sbin/fwconsole chown, /usr/bin/yum update, /usr/sbin/fwconsole ma upgradeall
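
Added example (not part of any post in this thread): a shell function that turns a file of allowed command lines, as asked about in the first question, into a sudoers fragment. The function name gen_sudoers, the alias TECH_CMDS, the sample list and the drop-in file name are assumptions made for illustration.

```shell
#!/bin/sh
# gen_sudoers USER LISTFILE
# Prints a sudoers fragment allowing USER to run, as root, exactly the
# command lines in LISTFILE (one per line, absolute path first).
gen_sudoers() {
    user=$1 list=$2 cmds=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank or comment
        case $line in
            /*) ;;                                   # sudoers needs full paths
            *) echo "not an absolute path: $line" >&2; return 1 ;;
        esac
        case $line in                                # wildcards widen a rule
            *'*'*|*'?'*|*'['*) echo "wildcard refused: $line" >&2; return 1 ;;
        esac
        cmd=${line%% *}
        args=${line#"$cmd"}
        if [ -z "$args" ]; then
            # A bare path would permit any arguments; "" permits none.
            entry="$cmd \"\""
        else
            # Escape the characters sudoers treats specially in arguments.
            entry="$cmd$(printf '%s' "$args" | sed 's/[\\,:=]/\\&/g')"
        fi
        cmds="${cmds:+$cmds, }$entry"
    done < "$list"
    [ -n "$cmds" ] || { echo "no commands in $list" >&2; return 1; }
    printf 'Cmnd_Alias TECH_CMDS = %s\n' "$cmds"
    printf '%s ALL = (root) TECH_CMDS\n' "$user"
}

# Constructed sample list: the three commands named in the thread.
LIST=$(mktemp)
cat > "$LIST" <<'EOF'
# one allowed command line per entry
/usr/sbin/fwconsole chown
/usr/bin/yum update -y
/usr/sbin/fwconsole ma upgradeall
EOF

gen_sudoers tech "$LIST"
# Before installing the output (for example as /etc/sudoers.d/tech, a
# hypothetical file name), syntax-check it with: visudo -cf <file>
```

sudo applies a rule only to commands started through it (for example, sudo fwconsole chown), and arguments written in a rule must match exactly, so /usr/bin/yum update does not cover yum update -y.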