[asterisk-bugs] [Asterisk 0009999]: runasuser/runasgroup used even for -r means reconnecting users must be root

noreply at bugs.digium.com noreply at bugs.digium.com
Fri Aug 31 16:01:03 CDT 2007 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=9999 
====================================================================== 
Reported By:                stuarth
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   9999
Category:                   Core/Configuration
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.4 
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!):  
Disclaimer on File?:        No 
Request Review:              
====================================================================== 
Date Submitted:             06-18-2007 05:26 CDT
Last Modified:              08-31-2007 16:01 CDT
====================================================================== 
Summary:                    runasuser/runasgroup used even for -r means
reconnecting users must be root
Description: 
When runasuser/runasgroup are configured in asterisk.conf, they are used
whenever Asterisk is started, including when reconnecting to a running
instance. This means that it's not possible to just use filesystem
permissions on asterisk.ctl to restrict access, since without being root
the setuid/setgid calls will fail.

Wrapping the setuid block in main/asterisk.c with "if(!ast_opt_remote) {
... }" would makes things easier.
====================================================================== 

---------------------------------------------------------------------- 
 tzafrir - 08-31-07 16:01  
---------------------------------------------------------------------- 
The socket is indeed created by root. However, you can set the owner, group
and/or permissoins of that file in the [files] section of asterisk.conf .
See http://svn.digium.com/svn/asterisk/branches/1.4/doc/asterisk-conf.txt
.

Alternatively, chown / chmod manually the socket to test that you can
connect as any user. 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-31-07 16:01  tzafrir        Note Added: 0069802                          
======================================================================

More information about the asterisk-bugs mailing list