I am running FreePBX 13.0.194.10 on the SHMZ release 6.6 (Final) operating system.
I want to create a login user account with the permission to do the following:
1- Copy a __.call file to /tmp directory
2- Move the __.call file from /tmp directory to /var/spool/asterisk/outgoing/
The __.call file is owned by the asterisk user.
What is the best way to archive this?
p/s: an trying to automate an auto dial out phone call for alerting.
I know how to allow user account to perform specific task in the sudoer file. For example, the section makecall ALL = (ALL) NOPASSWD:/etc/init.d/apache
will allow the makecall user to perform stop/start/restart on the apache service.
The section adding a ! in front of location of binaries in the line will block the user from executing the operation. For example, the section !/usr/bin/passwd will block the makecall user from changing anyone password.
In security best practice, allow user just enough right to do what the user need to do.
With that being said, within the /etc/sudoers how do I block the user account from executing all commands except for cp, chown and mv?