[Asterisk-bsd] setting permissions for asterisk and dahdi

Tim St. Pierre tim at communicatefreely.net
Fri Aug 27 21:08:38 CDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Kurt,

Here's some useful rule entries that I'm using.  Once it's all setup, it works just fine.

This goes in /etc/devfs.conf.rules

# Required for non-priv asterisk

own     zap/timer* asterisk:asterisk
perm    zap 0660
own     zap/channel* asterisk:asterisk
perm    zap 0660
own     zap/pseudo* asterisk:asterisk
perm    zap 0660
own     zap/ctl asterisk:asterisk
perm    zap/ctl 0600

Add this line to /etc/rc.conf and make sure the others are similar

devfs_system_ruleset="devfsrules_asterisk"

zaptel_enable="YES"
asterisk_enable="YES"
asterisk_user="asterisk"
asterisk_group="asterisk"
asterisk_pidfile="/var/run/asterisk/asterisk.pid"

Put this in /etc/devfs.rules

[devfsrules_asterisk=10]
add path 'zap/pseudo*' mode 0600 user asterisk group asterisk
add path 'zap/channel*' mode 0600 user asterisk group asterisk
add path 'zap/timer*' mode 0600 user asterisk group asterisk

I'm assuming you know about the directory permissions and all that.

You have to create the /var/run/asterisk directory so that you can give asterisk permissions to
write in it.  I don't know of any standardized UID so I used a local one as well.  Maybe someone
will at some point.  The precedent seems to be to use the tcp port, but that only works for older
protocols that are below 500.

The above is actually for zaptel.  Use it as an example and change it to suit.  Let me know if it
works for you.

- -Tim

Kurt Lidl wrote:
> I've got an IP-only Asterisk-1.6 installation running on FreeBSD.
> 
> (IP only in that the inbound trunking is coming over IAX,
> and then I have several SIP extensions registered to that
> installation.)
> 
> I need to have dahdi timing for the IAX trunking to work.
> 
> This has been working fine, but I had to change the Asterisk
> startup script to chmod the devices that dahdi creates.
> I'm sure there is some fancy devfs goo that could be done
> to make this happen, but I couldn't figure it out in 5 minutes,
> so I changed the startup script.  (Included at the end of this
> message.)
> 
> I wanted to run the entire asterisk configuration as a non-root
> user, which is also have I run the apache22 on that machine,
> which has "FreePBX" installed on it.  (I submitted a couple of
> patches just before FreePBX 2.8 was released.  Some of those made
> it into FreePBX tree, and some did not, but you can find them
> via their bug tracker interface.)
> 
> It would be nice if there was a "reserved" UID:GID combination
> for running asterisk on FreeBSD in the /usr/ports framework.
> I have added some locally so my script can work, but I'd rather
> there was a "well known" default set that the Asterisk port
> would install on the system.
> 
> -Kurt
> 
> ---- snip, snip ----
> #!/bin/sh
> 
> # PROVIDE: asterisk
> # REQUIRE: DAEMON dahdi
> # KEYWORD: shutdown
> #
> # Add the following lines to /etc/rc.conf to enable asterisk:
> #
> # asterisk_enable="YES"
> #
> 
> . /etc/rc.subr
> 
> name="asterisk"
> rcvar=`set_rcvar`
> 
> sig_stop=KILL
> 
> start_cmd="asterisk_start"
> #stop_cmd="asterisk_stop"
> stop_precmd=asterisk_shutdown
> 
> rundir=/var/run/asterisk
> command=/usr/local/sbin/asterisk
> 
> load_rc_config $name
> : ${asterisk_enable="NO"}
> : ${asterisk_args=""}
> 
> asterisk_user="asterisk"
> asterisk_group="asterisk"
> pidfile=${asterisk_pidfile:-"$rundir/asterisk.pid"}
> 
> asterisk_start () {
> 	echo -n " ${name}"
> 	mkdir -p $rundir
> 	chown ${asterisk_user}:${asterisk_group} $rundir
> 	find /dev/dahdi /var/db/asterisk -print | \
> 		xargs chown ${asterisk_user}:${asterisk_group}
> 	sleep 1
> 	$command -U ${asterisk_user} -G ${asterisk_group} ${asterisk_args}
> }
> 
> asterisk_shutdown () {
> 	$command -qrx 'stop now'
> 	sleep 1
> 	return 0
> }
> 
> run_rc_command "$1"
> ---- snip, snip ----
> 

- --
Tim St. Pierre
IP Voice technician
Communicate Freely
1-877-291-8647 x5101
sip:5101 at communicatefreely.net
tim at communicatefreely.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iJwEAQECAAYFAkx4b6UACgkQipVy80Kcc6si8gP9G/py5D3tc0xY/EncEWEVZZ+y
OBpiKdBMtYWDNNAWUS254FV7yv0Ife7R/elQCc64Rw3OcToGRIN2EdqoI04PuCPG
gbL4uAhnzYKZKHDAgubkWj/K8xsHMY9zqM6Zmr7+Ypl40Po4YlIV7p7/dKfiw8Om
l6DGEki81YjjuFvW7YM=
=GmPV
-----END PGP SIGNATURE-----

More information about the Asterisk-BSD mailing list