Create linux user in FreePBX's OS

I am running FreePBX on the SHMZ release 6.6 (Final) operating system.
I want to create a login user account with the permission to do the following:
1- Copy a file to /tmp directory
2- Move the file from /tmp directory to /var/spool/asterisk/outgoing/
The file is owned by the asterisk user.
What is the best way to archive this?

p/s: an trying to automate an auto dial out phone call for alerting.

The new user must at least be a member of the asterisk group.

Is there a way to hard code the specific allow to run commands in the /etc/sudoers file?

Only by hardcoding such permissions in /etc/sudoers :slight_smile:

How do I hardcode the copy, chown, and move allow to run in /etc/sudoer?

You don’t you read basic linux tutorials, and then if necesary then you further read

man cp
man chown
man mv

you can find the absolute location of binaries with

which cp
which chown
which mv

as sudoers needs absolute paths

I know how to allow user account to perform specific task in the sudoer file. For example, the section makecall ALL = (ALL) NOPASSWD:/etc/init.d/apache
will allow the makecall user to perform stop/start/restart on the apache service.
The section adding a ! in front of location of binaries in the line will block the user from executing the operation. For example, the section !/usr/bin/passwd will block the makecall user from changing anyone password.
In security best practice, allow user just enough right to do what the user need to do.
With that being said, within the /etc/sudoers how do I block the user account from executing all commands except for cp, chown and mv?

Simply don’t allow it, ALL = (ALL) is too permissive
simply allow



youruser localhost = NOPASSWD: /bin/mv, /bin/chown, /bin/cp

seriously, it’s all in the FM

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.