I am running FreePBX 126.96.36.199 on the SHMZ release 6.6 (Final) operating system.
I want to create a login user account with the permission to do the following:
1- Copy a __.call file to /tmp directory
2- Move the __.call file from /tmp directory to /var/spool/asterisk/outgoing/
The __.call file is owned by the asterisk user.
What is the best way to achieve this?
P.S.: I am trying to automate an auto dial out phone call for alerting.
The new user must at least be a member of the asterisk group.
Is there a way to hard code the specific allow to run commands in the /etc/sudoers file?
Only by hardcoding such permissions in /etc/sudoers
How do I hardcode the copy, chown, and move allow to run in /etc/sudoers?
You don’t you read basic Linux tutorials, and then if necessary then you further read
you can find the absolute location of binaries with
as sudoers needs absolute paths
I know how to allow a user account to perform a specific task in the sudoers file. For example, the section
makecall ALL = (ALL) NOPASSWD:/etc/init.d/apache
will allow the makecall user to perform stop/start/restart on the apache service.
Adding a ! in front of the location of the binaries in the line will block the user from executing the operation. For example, the section
!/usr/bin/passwd will block the makecall user from changing anyone's password.
In security best practice, allow the user just enough rights to do what the user needs to do.
With that being said, within the /etc/sudoers how do I block the user account from executing all commands except for cp, chown and mv?
Simply don’t allow it, ALL = (ALL) is too permissive
youruser localhost = NOPASSWD: /bin/mv, /bin/chown, /bin/cp
seriously, it’s all in the FM
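A narrower alternative to listing cp, chown and mv in sudoers, since those three run as root with arbitrary arguments can overwrite or take ownership of any file on the system. This is an added example, not code from the thread: a wrapper that performs only the copy-then-move of a call file, with a sudoers entry that runs it as the asterisk user rather than root. The script path, the function name and the filename rules are assumptions; `makecall` and the two directories come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical install path:
#   /usr/local/sbin/queue-callfile, owned by root, mode 0755.
# Matching sudoers entry (edit with visudo); the command runs as asterisk, not root:
#   makecall ALL = (asterisk) NOPASSWD: /usr/local/sbin/queue-callfile
# Invoked as: sudo -u asterisk /usr/local/sbin/queue-callfile alert.call

# Directories are overridable so the function can be exercised in a sandbox.
: "${STAGE_DIR:=/tmp}"
: "${SPOOL_DIR:=/var/spool/asterisk/outgoing}"

queue_callfile() {
    src=$1
    name=${src##*/}   # strip any directory part; only the bare name is reused

    # Accept only plain names ending in .call (letters, digits, dot, dash, underscore).
    case $name in
        *[!A-Za-z0-9._-]*|.*|"") echo "rejected name: $name" >&2; return 2 ;;
        *.call) ;;
        *) echo "not a .call file: $name" >&2; return 2 ;;
    esac

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "not a regular file: $src" >&2; return 3
    fi

    # Step 1 from the thread: copy into the staging directory under a private temp name.
    tmp=$(mktemp "$STAGE_DIR/callfile.XXXXXX") || return 4
    cp -- "$src" "$tmp" || { rm -f -- "$tmp"; return 4; }
    chmod 0640 "$tmp"

    # Step 2: move the finished copy into the spool directory.
    # No chown is needed: the copy is created by, and so owned by, asterisk.
    mv -- "$tmp" "$SPOOL_DIR/$name" || { rm -f -- "$tmp"; return 5; }
}

# Run only when executed with an argument (not when sourced for testing).
if [ "$#" -gt 0 ]; then
    queue_callfile "$1"
fi
```

Because the sudoers entry names one fixed script and a non-root target user, the account cannot reuse the grant to copy or move other files.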