VoIP Mailing List Archives :: View topic - [asterisk-users] Newbie Asterisk: Install Asterisk as non-root

Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community

[asterisk-users] Newbie Asterisk: Install Asterisk as non-root

VoIP Mailing List Archives Forum Index -> Asterisk Users

View previous topic :: View next topic

Author

Message

Guest

Posted: Thu May 15, 2008 3:17 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

I was following the instruction on http://www.voip-info.org/wiki-Asterisk+non-root to re-install my Asterisk as non-root when I had the following questions/issues: 1) " Use your system's preferred method of adding a new user. Examples: Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060 asterisk" ###Why did we have to choose uid as 5060? ###In fact, do you need to specify the uid at all? 2) "Edit your Asterisk config file (/etc/asterisk/asterisk.conf): astrundir => /var/run/asterisk Recompile and reinstall Asterisk." ### Seems a bit strange to modify this before you recompile. ### As it turns out, the reinstall did not change the astrundir variable ### You have to manually modify it if this modification is actually required. 3) "Also, make note that if you're running udev on your system (linux-2.6), the /dev directory is dynamically populated with device nodes, meaning that any permissions you set on /dev/zap will be lost on your next reboot, and you may get a nasty message such as "Asterisk ended with exit status 1" when trying to start asterisk. Read the file /path/to/zaptel-src-1.2.x/README.udev for instructions on how to change the user/group assigned to /dev/zap. " ### There is actually no README.udev file in zaptel source. ### Do I need to worry about this if "uname -r" returns 2.6.18-8.el5 ### What actually is udev? 4) "Asterisk needs read permission for these directories and their contents: /etc/asterisk. chown --recursive root:asterisk /etc/asterisk" ### root is not in group asterisk ### All the while, the instruction has been saying to create a user asterisk ### under group asterisk. ### Does it mean to put root into group asterisk as well??? ### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk" ? 5) Another article says that running as non-root will prevent ToS being used. What is ToS? Do I need to be concerned? Any thoughts?

philipp.kempgen at amo...
Guest

Posted: Thu May 15, 2008 4:01 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

Lee, John (Sydney) schrieb:

Quote:

I was following the instruction on
http://www.voip-info.org/wiki-Asterisk+non-root to re-install my
Asterisk as non-root when I had the following questions/issues:

1) " Use your system's preferred method of adding a new user. Examples:
Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060
asterisk"
###Why did we have to choose uid as 5060?
###In fact, do you need to specify the uid at all?

If you don't care: no.

Quote:

2) "Edit your Asterisk config file (/etc/asterisk/asterisk.conf):
astrundir => /var/run/asterisk
Recompile and reinstall Asterisk."
### Seems a bit strange to modify this before you recompile.
### As it turns out, the reinstall did not change the astrundir variable
### You have to manually modify it if this modification is actually
required.

Why should /etc/asterisk/asterisk.conf have any influence on
the compilation?

Quote:

3) "Also, make note that if you're running udev on your system
(linux-2.6), the /dev directory is dynamically populated with device
nodes, meaning that any permissions you set on /dev/zap will be lost on
your next reboot, and you may get a nasty message such as "Asterisk
ended with exit status 1"
when trying to start asterisk. Read the file
/path/to/zaptel-src-1.2.x/README.udev for instructions on how to change
the user/group assigned to /dev/zap. "
### There is actually no README.udev file in zaptel source.
### Do I need to worry about this if "uname -r" returns 2.6.18-8.el5
### What actually is udev?

http://en.wikipedia.org/wiki/Udev
http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html

Quote:

4) "Asterisk needs read permission for these directories and their
contents:
/etc/asterisk.
chown --recursive root:asterisk /etc/asterisk"
### root is not in group asterisk
### All the while, the instruction has been saying to create a user
asterisk
### under group asterisk.
### Does it mean to put root into group asterisk as well???
### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk"
?

Probably.

Quote:

5) Another article says that running as non-root will prevent ToS being
used.
What is ToS? Do I need to be concerned?

http://en.wikipedia.org/wiki/Type_of_Service
http://en.wikipedia.org/wiki/DiffServ_Code_Point

Quote:

Any thoughts?

When I last thought about it Asterisk was not really ready to be
run as non-root. Maybe it is now.
Gr??e,
Philipp Kempgen
--
Asterisk-Tag.org 2008, 26.-27. Mai -> http://www.asterisk-tag.org
amooma GmbH - Bachstr. 126 - 56566 Neuwied -> http://www.amooma.de
Gesch?ftsf?hrer: Stefan Wintermeyer, Handelsregister: Neuwied B14998

alanslists at gmail.com
Guest

Posted: Thu May 15, 2008 5:12 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

Lee, John (Sydney) wrote:

Quote:

Nope - the UID doesn't matter, but it is general practice to keep system
(application) UIDs below 100 or 1000 and "normal" users above. So I'd
use a number below 100 or 1000 depending on your linux distro's standard.

Quote:

That won't affect compilation whatsoever.

Quote:

udev help linux to dynamically create/remove the interfaces to various
hardware devices and so forth. After installing the zaptel module you'll
see a udev rules file "zaptel.rules" in your etc/udev configuration
area. It doesn't take a genius to work out if or how you need to change
anything in that file...

Quote:

There is reason behind this. It is possibly more secure to make the
"owner" root and just allow group access by asterisk. Setting the files
as above permits read/write only by the user root and read only by
members of the group asterisk.

Quote:

5) Another article says that running as non-root will prevent ToS being
used.
What is ToS? Do I need to be concerned?

http://en.wikipedia.org/wiki/Type_of_Service. Why you can't use this as
non-root I do not understand...

Quote:

Any thoughts?

I wrote up my solution for building and running asterisk as non-root
here:
http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/

I have read somewhere that voicemail.conf needs to be writeable by
Asterisk so users can change their vmailbox passwords. I haven't
confirmed this but I set voicemail.conf to be writeable by group
asterisk just in case.

Hope this helps.

Al

--
The way out is open!
http://www.theopensourcerer.com

tzafrir.cohen at xorco...
Guest

Posted: Thu May 15, 2008 5:30 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

On Thu, May 15, 2008 at 06:17:12PM +1000, Lee, John (Sydney) wrote:

Quote:

I was following the instruction on
http://www.voip-info.org/wiki-Asterisk+non-root to re-install my
Asterisk as non-root when I had the following questions/issues:

For those wondering what the fuss is all about, look at:

He was actually refering to:

http://www.voip-info.org/wiki/page_history.php?page_id=745&preview=40

Quote:

1) " Use your system's preferred method of adding a new user. Examples:
Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060
asterisk"
###Why did we have to choose uid as 5060?
###In fact, do you need to specify the uid at all?

Right. No need.

Quote:

This was not written clearly. I put there a separate case for Asterisk

Quote:

= 1.4 . Did it require a rebuild on 1.2 ?

TODO: update on the vanishing /var/run/asterisk at boot on a certain
distribution .

Quote:

I see that this is not docuemnted anywhere, actually . Zaptel now (as of
around 1.4.8, I believe) creates udev rules that set the userame of the
device to Asterisk.

Some distributions (Gentoo and Debian) replace that with a rule that
sets the group to "dialout" (hence the need to add Asterisk to the group
'dialout').

Quote:

4) "Asterisk needs read permission for these directories and their
contents:
/etc/asterisk.
chown --recursive root:asterisk /etc/asterisk"
### root is not in group asterisk

root can read/write everything anyway, regardless of ownership.

Quote:

### All the while, the instruction has been saying to create a user
asterisk
### under group asterisk.
### Does it mean to put root into group asterisk as well???
### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk"
?

You can. But it will simply be pointless.

Quote:

5) Another article says that running as non-root will prevent ToS being
used.
What is ToS? Do I need to be concerned?

Anybody wants to write something about this?

I recall a change in that area in recent Asterisk 1.4-s .
Does Asterisk actually break with SELinux enabled? Why?

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir

jsneerin at gmail.com
Guest

Posted: Thu May 15, 2008 10:57 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

On Thu, May 15, 2008 at 5:30 AM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:

Quote:

On Thu, May 15, 2008 at 06:17:12PM +1000, Lee, John (Sydney) wrote:

Quote:

5) Another article says that running as non-root will prevent ToS being
used. What is ToS? Do I need to be concerned?

Anybody wants to write something about this?
I recall a change in that area in recent Asterisk 1.4-s .

ToS is supported when running non-root on Linux by using kernel
capabilities. On Ubuntu, the libcap-dev package is required for this.
It provides libcap.{a,so} and sys/capability.h, which the Asterisk
configure script will check for before you compile. You can check to
see whether your binary is linked against libcap using the ldd
command:

$ ldd /usr/sbin/asterisk
linux-gate.so.1 => (0xffffe000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7fd9000)
libcap.so.1 => /lib/libcap.so.1 (0xb7fd5000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7fc2000)
libncurses.so.5 => /lib/libncurses.so.5 (0xb7f81000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7f5f000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7f4c000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e1d000)
/lib/ld-linux.so.2 (0xb7fe5000)

-James

Guest

Posted: Fri May 16, 2008 3:04 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

First of all, thanks Philipp, Alan, Tzafrir and James for your valuable comments. I have listed below the exact list of commands to run for reinstalling asterisk 1.4.* as non-root on a Redhat / Fedora distro. Hope others can benefit. I have the following comments/questions though: 1) #####What is safe_asterisk used for actually? I did not touch it in my modification because I don't know when is it triggered? 2) #####I do not actually know whether we really need to modify /etc/asterisk/asterisk.conf? Is this file read by asterisk at all? Seems like an important file name - asterisk.conf? 3) It is safer to define a user called asterisk in group asterisk unless you want to make more changes to 2 files i.e. zaptel.rules and /etc/init.d/asterisk 4) There is an additional chmod to run for letting voicemail.conf to be written by group asterisk. # /etc/init.d/asterisk stop Shutting down asterisk: [ OK ] ---------------------------------------------------- # /usr/sbin/groupadd asterisk ---------------------------------------------------- # /usr/sbin/useradd -d /var/lib/asterisk -g asterisk asterisk useradd: warning: the home directory already exists. Not copying any file from skel directory into it. ---------------------------------------------------- # cp Makefile Makefile.org ---------------------------------------------------- * * Change the following line from: * * ASTVARRUNDIR=$(localstatedir)/run * * to * * ASTVARRUNDIR=$(localstatedir)/run/asterisk * # vi Makefile [...] ifeq ($(OSARCH),SunOS) ASTETCDIR=/var/etc/asterisk ASTLIBDIR=/opt/asterisk/lib ASTVARLIBDIR=/var/opt/asterisk ASTSPOOLDIR=/var/spool/asterisk ASTLOGDIR=/var/log/asterisk ASTHEADERDIR=/opt/asterisk/include ASTBINDIR=/opt/asterisk/bin ASTSBINDIR=/opt/asterisk/sbin ASTVARRUNDIR=/var/run/asterisk ASTMANDIR=/opt/asterisk/man else ASTETCDIR=$(sysconfdir)/asterisk ASTLIBDIR=$(libdir)/asterisk ASTHEADERDIR=$(includedir)/asterisk ASTBINDIR=$(bindir) ASTSBINDIR=$(sbindir) ASTSPOOLDIR=$(localstatedir)/spool/asterisk ASTLOGDIR=$(localstatedir)/log/asterisk ASTVARRUNDIR=$(localstatedir)/run/asterisk ASTMANDIR=$(mandir) [...] ---------------------------------------------------- cd /usr/src/asterisk-1.4 make clean ./configure make make install ---------------------------------------------------- * * Don't panic! * /var/run/asterisk should just be an empty directory but should just exist. * ---------------------------------------------------- # chown --recursive asterisk:asterisk /var/lib/asterisk # chown --recursive asterisk:asterisk /var/log/asterisk # chown --recursive asterisk:asterisk /var/run/asterisk # chown --recursive asterisk:asterisk /var/spool/asterisk # chown --recursive asterisk:asterisk /usr/lib/asterisk # chown --recursive asterisk:asterisk /dev/zap ---------------------------------------------------- # chmod --recursive u=rwX,g=rX,o= /var/lib/asterisk # chmod --recursive u=rwX,g=rX,o= /var/log/asterisk # chmod --recursive u=rwX,g=rX,o= /var/run/asterisk # chmod --recursive u=rwX,g=rX,o= /var/spool/asterisk # chmod --recursive u=rwX,g=rX,o= /usr/lib/asterisk # chmod --recursive u=rwX,g=rX,o= /dev/zap ---------------------------------------------------- # chown --recursive root:asterisk /etc/asterisk # chmod --recursive u=rwX,g=rX,o= /etc/asterisk ---------------------------------------------------- # cp /etc/asterisk/asterisk.conf /etc/asterisk/asterisk.conf.org # vi /etc/asterisk/asterisk.conf * * Change the following line from: * * astrundir => /var/run * * to * * astrundir => /var/run/asterisk * ---------------------------------------------------- # cp /etc/init.d/asterisk /etc/init.d/asterisk.org ---------------------------------------------------- # vi /etc/init.d/asterisk * * Uncomment the following line from: * * #AST_USER="asterisk" * #AST_GROUP="asterisk" * * to * * AST_USER="asterisk" * AST_GROUP="asterisk" * ---------------------------------------------------- * * Asterisk needs to write to voicemail.conf for password change. * # chmod g+w /etc/asterisk/voicemail.conf ---------------------------------------------------- * * Restart Asterisk by either of below: *** # /etc/init.d/asterisk restart ---------------------------------------------------- # asterisk -U asterisk -G asterisk ----------------------------------------------------

jsneerin at gmail.com
Guest

Posted: Fri May 16, 2008 6:32 pm Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

On Fri, May 16, 2008 at 3:04 AM, Lee, John (Sydney)
<John.Lee at compuware.com> wrote:

Quote:

First of all, thanks Philipp, Alan, Tzafrir and James for your valuable
comments. I have listed below the exact list of commands to run for
reinstalling asterisk 1.4.* as non-root on a Redhat / Fedora distro.
Hope others can benefit.

I have the following comments/questions though:
1) #####What is safe_asterisk used for actually? I did not touch it in
my modification because I don't know when is it triggered?

The safe_asterisk script monitors the actual asterisk process, and if
it dies for some reason, it restarts it and optionally notifies you.
It's just a precaution. MySQL is often run under a script called
mysqld_safe for the same reason.

Quote:

2) #####I do not actually know whether we really need to modify
/etc/asterisk/asterisk.conf? Is this file read by asterisk at all?
Seems like an important file name - asterisk.conf?

It is read by asterisk, but whether you need to change any of the
defaults really depends on your environment. Most of the options in it
have equivalent command-line options, so you might want to use
asterisk.conf instead of modifying the startup script (which could be
overwritten the next time you upgrade).

Quote:

4) There is an additional chmod to run for letting voicemail.conf to be
written by group asterisk.

What I found was that /etc/asterisk also needs to be writable by the
asterisk user, because asterisk will unlink and recreate the file, so
it needs to be able to write to the directory, not just the file. You
can protect yourself a little bit by setting the sticky bit on
/etc/asterisk, so even if asterisk goes nuts, it can't whack files it
doesn't actually have write permissions on.

chmod g+w /etc/asterisk/voicemail.conf
chmod g+w,+t /etc/asterisk

-James

tzafrir.cohen at xorco...
Guest

Posted: Sat May 17, 2008 9:21 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

On Fri, May 16, 2008 at 06:32:30PM -0500, James Sneeringer wrote:

Quote:

On Fri, May 16, 2008 at 3:04 AM, Lee, John (Sydney)
<John.Lee at compuware.com> wrote:

Quote:

The safe_asterisk script monitors the actual asterisk process, and if
it dies for some reason,

Not "for some reason". For instyance, if asterisk decides to die the
script should not restart it. And if it got a SIGTERM? (e.g.: from init
on shutdown?)

Quote:

it restarts it and optionally notifies you.
It's just a precaution. MySQL is often run under a script called
mysqld_safe for the same reason.

Quote:

2) #####I do not actually know whether we really need to modify
/etc/asterisk/asterisk.conf? Is this file read by asterisk at all?
Seems like an important file name - asterisk.conf?

Also note that asterisk.conf options override command-line options (and
not the other way around, as you might have learned to expect from most
other applications).

Quote:

4) There is an additional chmod to run for letting voicemail.conf to be
written by group asterisk.

Question: what does it take to move the voicemail file from
/etc/asterisk/voicemail.conf to /etc/asterisk/writble/voicemail.conf ?

Patch voicemail.conf and leave a compatibility symlink for the others?

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir

mark.h at cage151.com
Guest

Posted: Sat May 17, 2008 9:53 pm Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

Lee, You should probably clean it up and put it up on the wiki. I don't think anyone has put up a step-by-step like you did before. There might be much easier additions/modifications done to it, and it will be available to everybody. Thanks for this, btw. Mark. -----Original Message----- From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Lee, John (Sydney) Sent: May 16, 2008 4:04 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Newbie Asterisk: Install Asterisk as non-root First of all, thanks Philipp, Alan, Tzafrir and James for your valuable comments. I have listed below the exact list of commands to run for reinstalling asterisk 1.4.* as non-root on a Redhat / Fedora distro. Hope others can benefit. I have the following comments/questions though: 1) #####What is safe_asterisk used for actually? I did not touch it in my modification because I don't know when is it triggered? 2) #####I do not actually know whether we really need to modify /etc/asterisk/asterisk.conf? Is this file read by asterisk at all? Seems like an important file name - asterisk.conf? 3) It is safer to define a user called asterisk in group asterisk unless you want to make more changes to 2 files i.e. zaptel.rules and /etc/init.d/asterisk 4) There is an additional chmod to run for letting voicemail.conf to be written by group asterisk. # /etc/init.d/asterisk stop Shutting down asterisk: [ OK ] ---------------------------------------------------- # /usr/sbin/groupadd asterisk ---------------------------------------------------- # /usr/sbin/useradd -d /var/lib/asterisk -g asterisk asterisk useradd: warning: the home directory already exists. Not copying any file from skel directory into it. ---------------------------------------------------- # cp Makefile Makefile.org ---------------------------------------------------- * * Change the following line from: * * ASTVARRUNDIR=$(localstatedir)/run * * to * * ASTVARRUNDIR=$(localstatedir)/run/asterisk * # vi Makefile [...] ifeq ($(OSARCH),SunOS) ASTETCDIR=/var/etc/asterisk ASTLIBDIR=/opt/asterisk/lib ASTVARLIBDIR=/var/opt/asterisk ASTSPOOLDIR=/var/spool/asterisk ASTLOGDIR=/var/log/asterisk ASTHEADERDIR=/opt/asterisk/include ASTBINDIR=/opt/asterisk/bin ASTSBINDIR=/opt/asterisk/sbin ASTVARRUNDIR=/var/run/asterisk ASTMANDIR=/opt/asterisk/man else ASTETCDIR=$(sysconfdir)/asterisk ASTLIBDIR=$(libdir)/asterisk ASTHEADERDIR=$(includedir)/asterisk ASTBINDIR=$(bindir) ASTSBINDIR=$(sbindir) ASTSPOOLDIR=$(localstatedir)/spool/asterisk ASTLOGDIR=$(localstatedir)/log/asterisk ASTVARRUNDIR=$(localstatedir)/run/asterisk ASTMANDIR=$(mandir) [...] ---------------------------------------------------- cd /usr/src/asterisk-1.4 make clean ./configure make make install ---------------------------------------------------- * * Don't panic! * /var/run/asterisk should just be an empty directory but should just exist. * ---------------------------------------------------- # chown --recursive asterisk:asterisk /var/lib/asterisk # chown --recursive asterisk:asterisk /var/log/asterisk # chown --recursive asterisk:asterisk /var/run/asterisk # chown --recursive asterisk:asterisk /var/spool/asterisk # chown --recursive asterisk:asterisk /usr/lib/asterisk # chown --recursive asterisk:asterisk /dev/zap ---------------------------------------------------- # chmod --recursive u=rwX,g=rX,o= /var/lib/asterisk # chmod --recursive u=rwX,g=rX,o= /var/log/asterisk # chmod --recursive u=rwX,g=rX,o= /var/run/asterisk # chmod --recursive u=rwX,g=rX,o= /var/spool/asterisk # chmod --recursive u=rwX,g=rX,o= /usr/lib/asterisk # chmod --recursive u=rwX,g=rX,o= /dev/zap ---------------------------------------------------- # chown --recursive root:asterisk /etc/asterisk # chmod --recursive u=rwX,g=rX,o= /etc/asterisk ---------------------------------------------------- # cp /etc/asterisk/asterisk.conf /etc/asterisk/asterisk.conf.org # vi /etc/asterisk/asterisk.conf * * Change the following line from: * * astrundir => /var/run * * to * * astrundir => /var/run/asterisk * ---------------------------------------------------- # cp /etc/init.d/asterisk /etc/init.d/asterisk.org ---------------------------------------------------- # vi /etc/init.d/asterisk * * Uncomment the following line from: * * #AST_USER="asterisk" * #AST_GROUP="asterisk" * * to * * AST_USER="asterisk" * AST_GROUP="asterisk" * ---------------------------------------------------- * * Asterisk needs to write to voicemail.conf for password change. * # chmod g+w /etc/asterisk/voicemail.conf ---------------------------------------------------- * * Restart Asterisk by either of below: *** # /etc/init.d/asterisk restart ---------------------------------------------------- # asterisk -U asterisk -G asterisk ---------------------------------------------------- _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users

Guest

Posted: Sun May 18, 2008 11:42 pm Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

Quote:

You should probably clean it up and put it up on the wiki. I don't

think

Quote:

anyone has put up a step-by-step like you did before.

There might be much easier additions/modifications done to it, and it

will

Quote:

be available to everybody.

Done. No problem - glad to be of service to the open-source community.

Guest

Posted: Sun May 18, 2008 11:42 pm Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

Quote:

You should probably clean it up and put it up on the wiki. I don't

think

Quote:

anyone has put up a step-by-step like you did before.

There might be much easier additions/modifications done to it, and it

will

Quote:

be available to everybody.

Done. No problem - glad to be of service to the open-source community.
http://www.voip-info.org/wiki/view/Asterisk+non-root

jsneerin at gmail.com
Guest

Posted: Mon May 19, 2008 9:02 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

On Sat, May 17, 2008 at 9:21 AM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:

Quote:

On Fri, May 16, 2008 at 06:32:30PM -0500, James Sneeringer wrote:

Quote:

The safe_asterisk script monitors the actual asterisk process, and if
it dies for some reason,

Not "for some reason". For instyance, if asterisk decides to die the
script should not restart it. And if it got a SIGTERM? (e.g.: from init
on shutdown?)

True, I oversimplified a bit. I should have said it restarts Asterisk
if it dies abnormally (e.g. with a return code of anything other than
zero). Init shouldn't have to kill it if the startup script can also
shut it down cleanly (which in my case on Ubuntu means stopping
safe_asterisk first).

Quote:

Also note that asterisk.conf options override command-line options (and
not the other way around, as you might have learned to expect from most
other applications).

Some asterisk.conf options, such as runuser and rungroup, don't appear
to work at all. I can get Asterisk to run non-root using -U and -G on
the command line, but attempting to do it in asterisk.conf instead
doesn't work for me. The command line is good enough for me, so I
haven't taken the time to figure out why it doesn't work.

Quote:

Yes, you would have to patch those two applications. The filename
itself is hardcoded into app_voicemail.c and app_directory.c. It picks
up the path from "astetcdir" in asterisk.conf, or uses /etc/asterisk
if that option is not defined. A simple symlink isn't good enough
because when Asterisk rewrites the config file (after a user changes
their passcode), it unlinks the old one without checking whether it's
a symlink it needs to dereference. I haven't looked too deeply into
the code, so I don't know if it's as simple as changing the
VOICEMAIL_CONFIG to "subdir/voicemail.conf".

-James

alanslists at gmail.com
Guest

Posted: Mon May 19, 2008 9:28 am Post subject: [asterisk-users] Newbie Asterisk: Install Asterisk as non-ro

James Sneeringer wrote:
<snip />

Quote:

Also note that asterisk.conf options override command-line options (and
not the other way around, as you might have learned to expect from most
other applications).

My uneducated guess would be that for Asterisk to parse the
asterisk.conf file it has to be running... Therefore it must already be
running as the user which it was told to run as.

Alan
--
The way out is open!
http://www.theopensourcerer.com

Display posts from previous:

	VoIP Mailing List Archives Forum Index -> Asterisk Users	All times are GMT - 5 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum