VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
christian08 at runbox.com
Guest
|
 Posted: Mon May 05, 2008 6:59 pm Post subject: [asterisk-users] Running Asterisk as root |
 |
|
Hi all,
I have seen discussions on this earlier on, but just want to hear some quick thoughts.
I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet.
Everything is working fine.
What do you think?
Thanks,
Christian |
|
| Back to top |
|
 |
cesar at codinet.com.mx
Guest
|
| Posted: Mon May 05, 2008 7:18 pm Post subject: [asterisk-users] Running Asterisk as root |
|
|
Move to root:
sudo -s
type your passwd
and as root:
Edit the file /etc/init.d/asterisk
And uncommet the two lines than sasys something like
AST_USER="asterisk"
AST_GROUP="asterisk"
You need to create the user asterisk on your system.
And create another symlink sh to bash:
cd /bin
rm -f sh
ln -s bash sh
Edit your /etc/asterisk/asterisk.conf and replace the line:
astrundir => /var/run
With:
astrundir => /var/lib/asterisk/var/run
Create that folder:
mkdir -p /var/lib/asterisk/var/run
and, chown to asterisk:asterisk the folders:
/var/lib/asterisk/
/usr/lib/asterisk/
/var/log/asterisk/
chown -Rv asterisk:asterisk /var/lib/asterisk/
chown -Rv asterisk:asterisk /usr/lib/asterisk/
chown -Rv asterisk:asterisk /var/log/asterisk/
that's all
Btw... delete the symlink sh -> dash into /bin
Start daemon
/etc/init.d/asterisk start
-----Mensaje original-----
De: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] En nombre de Christian
Enviado el: Lunes, 05 de Mayo de 2008 07:00 p.m.
Para: asterisk-users at lists.digium.com
Asunto: [asterisk-users] Running Asterisk as root
Hi all,
I have seen discussions on this earlier on, but just want to hear some quick
thoughts.
I am running v1.6 of Asterisk on my Ubuntu installation, I did make config
to make it run at boot. Since I've got a firewall and don't have any other
servers running I am not worried. I have been htinking about running
Asterisk as a seperat user, but haven't done that yet.
Everything is working fine.
What do you think?
Thanks,
Christian
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
__________ NOD32 3076 (20080505) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com |
|
| Back to top |
|
|
cesar at codinet.com.mx
Guest
|
| Posted: Mon May 05, 2008 7:28 pm Post subject: [asterisk-users] Running Asterisk as root |
|
|
Hum, sorry, i guess y type wrong about chowns, this is the right:
chown -Rv asterisk:asterisk /var/lib/asterisk/
chown -Rv asterisk:asterisk /usr/lib/asterisk/
chown -Rv asterisk:asterisk /var/log/asterisk/
-----Mensaje original-----
De: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] En nombre de Cesar Benjamin
Garcia Martinez
Enviado el: Lunes, 05 de Mayo de 2008 07:18 p.m.
Para: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Asunto: Re: [asterisk-users] Running Asterisk as root
Move to root:
sudo -s
type your passwd
and as root:
Edit the file /etc/init.d/asterisk
And uncommet the two lines than sasys something like
AST_USER="asterisk"
AST_GROUP="asterisk"
You need to create the user asterisk on your system.
And create another symlink sh to bash:
cd /bin
rm -f sh
ln -s bash sh
Edit your /etc/asterisk/asterisk.conf and replace the line:
astrundir => /var/run
With:
astrundir => /var/lib/asterisk/var/run
Create that folder:
mkdir -p /var/lib/asterisk/var/run
and, chown to asterisk:asterisk the folders:
/var/lib/asterisk/
/usr/lib/asterisk/
/var/log/asterisk/
chown -Rv asterisk:asterisk /var/lib/asterisk/
chown -Rv asterisk:asterisk /usr/lib/asterisk/
chown -Rv asterisk:asterisk /var/log/asterisk/
that's all
Btw... delete the symlink sh -> dash into /bin
Start daemon
/etc/init.d/asterisk start
-----Mensaje original-----
De: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] En nombre de Christian
Enviado el: Lunes, 05 de Mayo de 2008 07:00 p.m.
Para: asterisk-users at lists.digium.com
Asunto: [asterisk-users] Running Asterisk as root
Hi all,
I have seen discussions on this earlier on, but just want to hear some quick
thoughts.
I am running v1.6 of Asterisk on my Ubuntu installation, I did make config
to make it run at boot. Since I've got a firewall and don't have any other
servers running I am not worried. I have been htinking about running
Asterisk as a seperat user, but haven't done that yet.
Everything is working fine.
What do you think?
Thanks,
Christian
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
__________ NOD32 3076 (20080505) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
__________ NOD32 3076 (20080505) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com |
|
| Back to top |
|
|
tzafrir.cohen at xorco...
Guest
|
| Posted: Mon May 05, 2008 7:34 pm Post subject: [asterisk-users] Running Asterisk as root |
|
|
On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote:
| Quote: | Btw... delete the symlink sh -> dash into /bin
|
BAD!!!!
THAT BREAKS THE SYSTEM
(leaves it without /bin/sh, making half the scripts fail)
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir |
|
| Back to top |
|
|
tzafrir.cohen at xorco...
Guest
|
| Posted: Mon May 05, 2008 7:46 pm Post subject: [asterisk-users] Running Asterisk as root |
|
|
On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote:
| Quote: | Move to root:
sudo -s
type your passwd
and as root:
Edit the file /etc/init.d/asterisk
And uncommet the two lines than sasys something like
AST_USER="asterisk"
AST_GROUP="asterisk"
You need to create the user asterisk on your system.
And create another symlink sh to bash:
cd /bin
rm -f sh
ln -s bash sh
|
Why is that?
Debian / Ubuntu policy is that a script that is not posix sh should use
/bin/bash. Any script of Asterisk does not fit the policy and has not
bit shot^Wfixed yet?
The fix is to edit the ofending script:
#!/bin/sh -> #!/bin/bash
| Quote: |
Edit your /etc/asterisk/asterisk.conf and replace the line:
astrundir => /var/run
With:
astrundir => /var/lib/asterisk/var/run
|
/var/run/asterisk
Everything under /var/run is deleted at boot with Ubuntu, so the init.d
script should recreate that directory and give it proper permissions if
it does not exist.
(or use the one from the Asterisk package)
| Quote: |
Create that folder:
mkdir -p /var/lib/asterisk/var/run
|
/var/run/asterisk, as mentioned above. and it should be created in the
init.d script .
| Quote: |
and, chown to asterisk:asterisk the folders:
/var/lib/asterisk/
/usr/lib/asterisk/
|
No real need for /usr/lib/asterisk to be owned by Asterisk. It is
read-only. /usr is read-only, as you recall.
| Quote: | /var/log/asterisk/
chown -Rv asterisk:asterisk /var/lib/asterisk/
|
# chown -Rv asterisk:asterisk /usr/lib/asterisk/
| Quote: | chown -Rv asterisk:asterisk /var/log/asterisk/
that's all
Btw... delete the symlink sh -> dash into /bin
|
NOT
| Quote: |
Start daemon
/etc/init.d/asterisk start
|
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir |
|
| Back to top |
|
|
skoroneos at digital-o...
Guest
|
| Posted: Tue May 06, 2008 2:24 am Post subject: [asterisk-users] Running Asterisk as root |
|
|
In general, if your asterisk is accesible from the internet its much better
to have it run as a non-root process.
(My opinion is that this should be the default out-of-the-makefile 
asterisk behaviour)
This is the "norm" for more of the servers/services running on a linux
system, and can act as a safety-net when things go bad
Stelios S. Koroneos
Digital OPSiS - Embedded Intelligence
http://www.digital-opsis.com
| Quote: | -----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of
Christian
Sent: Tuesday, May 06, 2008 3:00 AM
To: asterisk-users at lists.digium.com
Subject: [asterisk-users] Running Asterisk as root
Hi all,
I have seen discussions on this earlier on, but just want to
hear some quick thoughts.
I am running v1.6 of Asterisk on my Ubuntu installation, I
did make config to make it run at boot. Since I've got a
firewall and don't have any other servers running I am not
worried. I have been htinking about running Asterisk as a
seperat user, but haven't done that yet.
Everything is working fine.
What do you think?
Thanks,
Christian
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|
| Back to top |
|
|
joakimsen at gmail.com
Guest
|
| Posted: Tue May 06, 2008 2:48 am Post subject: [asterisk-users] Running Asterisk as root |
|
|
I totally agree. Someone filed a bugreport for this? Also asterisk
init script should be installed by default too.
I am going to give Cesar's instructions a try (sans removing /bin/sh)
and hope it works!
On Tue, May 6, 2008 at 3:24 AM, Stelios Koroneos
<skoroneos at digital-opsis.com> wrote:
| Quote: | In general, if your asterisk is accesible from the internet its much better
to have it run as a non-root process.
(My opinion is that this should be the default out-of-the-makefile
asterisk behaviour)
This is the "norm" for more of the servers/services running on a linux
system, and can act as a safety-net when things go bad
Stelios S. Koroneos
Digital OPSiS - Embedded Intelligence
http://www.digital-opsis.com
| Quote: | -----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of
Christian
Sent: Tuesday, May 06, 2008 3:00 AM
To: asterisk-users at lists.digium.com
Subject: [asterisk-users] Running Asterisk as root
Hi all,
I have seen discussions on this earlier on, but just want to
hear some quick thoughts.
I am running v1.6 of Asterisk on my Ubuntu installation, I
did make config to make it run at boot. Since I've got a
firewall and don't have any other servers running I am not
worried. I have been htinking about running Asterisk as a
seperat user, but haven't done that yet.
Everything is working fine.
What do you think?
Thanks,
Christian
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|
| Back to top |
|
|
alanslists at gmail.com
Guest
|
| Posted: Tue May 06, 2008 3:33 am Post subject: [asterisk-users] Running Asterisk as root |
|
|
Christian wrote:
| Quote: | Hi all,
I have seen discussions on this earlier on, but just want to hear some quick thoughts.
I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet.
Everything is working fine.
What do you think?
Thanks,
Christian
|
I'd never run a server app as root. It is just asking for trouble IMHO.
When I built asterisk on my little custom linux server I documented the
process of setting up as a non-privileged process here. Most of the
information originally came from the voip-info.org site:
http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/
Hope this helps.
Al
--
The way out is open!
http://www.theopensourcerer.com |
|
| Back to top |
|
|
cesar at codinet.com.mx
Guest
|
| Posted: Tue May 06, 2008 12:27 pm Post subject: [asterisk-users] Running Asterisk as root |
|
|
Really not.. if only you delete sh, yes, but i say make a symlink from
/bin/bash to /bin/sh
Ubuntu 7.04 and above, comes with the shell dash as sh, ubuntu 6.06 comes
with bash as sh, I got problems to start daemon, when sh points to dash..
safe_asterisk don's start...
I read 1.4.19 don't need anymore safe_asterisk, but, what about if I need
1.2.x ? or 1.4.18 ? I talk for example if I use unicall for E1 (MFCR2) when
I need that versions... someone do?
Oh!!! Now understand... I forget it... when I say about delete sh... i
forget say that is necessary, to create a symlink from /bin/bash to /bin/sh
I'm so sorry :$
-----Mensaje original-----
De: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] En nombre de Tzafrir Cohen
Enviado el: Lunes, 05 de Mayo de 2008 07:35 p.m.
Para: asterisk-users at lists.digium.com
Asunto: Re: [asterisk-users] Running Asterisk as root
On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez
wrote:
| Quote: | Btw... delete the symlink sh -> dash into /bin
|
BAD!!!!
THAT BREAKS THE SYSTEM
(leaves it without /bin/sh, making half the scripts fail)
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
__________ NOD32 3078 (20080506) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com |
|
| Back to top |
|
|
cesar at codinet.com.mx
Guest
|
| Posted: Tue May 06, 2008 12:33 pm Post subject: [asterisk-users] Running Asterisk as root |
|
|
Hum. About the /var/run i do thats changes in the conf and the creation fo
/var/run into /var/lib/asterisk becouse Works  . Yes, Ubuntu cleans al into
/var/run and that's my solution, I believe is possible touch something in
daemon for do work fine but I consider more simple make 2 folders and modify
one line
Maybe, the init.d script works well if comes from official package, I never
has installed asterisk from package, I prefer from sources.
On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez
wrote:
| Quote: | Move to root:
sudo -s
type your passwd
and as root:
Edit the file /etc/init.d/asterisk
And uncommet the two lines than sasys something like
AST_USER="asterisk"
AST_GROUP="asterisk"
You need to create the user asterisk on your system.
And create another symlink sh to bash:
cd /bin
rm -f sh
ln -s bash sh
|
Why is that?
Debian / Ubuntu policy is that a script that is not posix sh should use
/bin/bash. Any script of Asterisk does not fit the policy and has not
bit shot^Wfixed yet?
The fix is to edit the ofending script:
#!/bin/sh -> #!/bin/bash
| Quote: |
Edit your /etc/asterisk/asterisk.conf and replace the line:
astrundir => /var/run
With:
astrundir => /var/lib/asterisk/var/run
|
/var/run/asterisk
Everything under /var/run is deleted at boot with Ubuntu, so the init.d
script should recreate that directory and give it proper permissions if
it does not exist.
(or use the one from the Asterisk package)
| Quote: |
Create that folder:
mkdir -p /var/lib/asterisk/var/run
|
/var/run/asterisk, as mentioned above. and it should be created in the
init.d script .
| Quote: |
and, chown to asterisk:asterisk the folders:
/var/lib/asterisk/
/usr/lib/asterisk/
|
No real need for /usr/lib/asterisk to be owned by Asterisk. It is
read-only. /usr is read-only, as you recall.
| Quote: | /var/log/asterisk/
chown -Rv asterisk:asterisk /var/lib/asterisk/
|
# chown -Rv asterisk:asterisk /usr/lib/asterisk/
| Quote: | chown -Rv asterisk:asterisk /var/log/asterisk/
that's all
Btw... delete the symlink sh -> dash into /bin
|
NOT
| Quote: |
Start daemon
/etc/init.d/asterisk start
|
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
__________ NOD32 3078 (20080506) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
