Why cannot start .sh form call

84bath · March 14, 2023, 2:34am

extensions_custom.conf

[wol]
exten => s,1,System(/usr/share/wol.sh arg1 arg2)
exten => s,n,Congestion
exten => h,1,Hangup

/usr/share/wol.sh

#！/bin/bash
ether-wake -i eth0 -b 1C:1B:1A:12:13:14
echo ok > /var/log/asterisk/wol.log

Misc Application & Misc Destinations are OK

Custom Destinations

Target = wol,s,1

##log
[2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx.c: Executing [*17@from-internal:3] Goto(“PJSIP/1-00000000”, “wol,s,1”) in new stack
206 [2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx_builtins.c: Goto (wol,s,1)
207 [2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx.c: Executing [s@wol:1] System(“PJSIP/1-00000000”, “/usr/share/wol.sh arg1 arg2”) in new stack
208 [2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx.c: Executing [s@wol:2] Congestion(“PJSIP/1-00000000”, “”) in new stack
209 [2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx.c: Spawn extension (wol, s, 2) exited non-zero on ‘PJSIP/1-00000000’
210 [2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx.c: Executing [h@wol:1] Hangup(“PJSIP/1-00000000”, “”) in new stack
211 [2023-03-14 10:26:10] VERBOSE[2823][C-00000006] pbx.c: Spawn extension (wol, h, 1) exited non-zero on ‘PJSIP/1-00000000’

Why I cannot use custom sh from call

dicko · March 14, 2023, 4:41am

Does the Asterisk user have execute rights on /usr/share/wol.sh and etherwake ?

(wakeonlan is probably easier to get working for a non privileged user)

david55 · March 14, 2023, 10:51am

Is the directory containing ether-wake in the PATH in the environment in which the shell is running?

Does the asterisk user have read rights on the shell script, as well as execute rights.

Note that the log provided gives no indication that anything went wrong.

84bath · March 14, 2023, 11:13am

Those file have permission
chown -R asterisk:asterisk /usr/share/wol.sh
chmod 777 /usr/share/wol.sh
chown -R asterisk:asterisk /usr/sbin/ether-wake
chomod 777 /usr/sbin/ether-wake

Now I can use *38 to execute curl url
but i cannot use *39 execute sh (Custom program)
It is normal to execute wol.sh manually

david55 · March 14, 2023, 11:35am

ether-wake can only be run as root, as it needs to do privileged, low level, ethernet operations.

This is a security vulnerability. Also if ether-wake had been made set user to allow anyone to use it, this would have broken that.

This is also a security vulnerability.

This command does not exist, and if correctly spelled would have created a security vulnerability any broken and setuser setting.

84bath · March 15, 2023, 8:07am

Thanks
Is there any way to execute privileged programs with dial

david55 · March 15, 2023, 10:58am

You need to add “on FreePBX”, as the easiest way, on Asterisk, is to run Asterisk as root.

There are other ways, but they always introduce security vulnerabilities. which would need more careful analysis than is possible here. E.g. you could make the program set user root.

dicko · March 15, 2023, 1:47pm

As previously mentioned

runs fine without root privilege.

system · April 15, 2023, 1:48pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.