[asterisk-bugs] [JIRA] (ASTERISK-6174) [patch] Asterisk ignores ACLs and umask for most file creations

Sverre G (JIRA) noreply at issues.asterisk.org
Tue Oct 11 23:39:01 CDT 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-6174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=232657#comment-232657 ] 

Sverre G commented on ASTERISK-6174:
------------------------------------

I spent ages on the problem in which voicemail messages had permissions I didn't like and came across this thread once I started digging around in the voicemail.c code. What I discovered is that ~my_umask contains the umask that the asterisk process was started with (often 0644), and when joined with VOICEMAIL_FILE_MODE (0666) the result is the more restrictive mode (0644).

The solution is to modify /usr/bin/safe_asterisk, specifically the line #UMASK=022, uncomment it and change it to UMASK=000 or UMASK=011. This will result in ~my_umask having the value 0777 or 0766, which when merged with 0666 results in 0666 and thus all voicemail files will have permissions of -rw-rw-rw which is much more useful (particularly if you have some third party web based system for listening to and deleting voicemails).

I hope this helps someone so far down the track.

> [patch] Asterisk ignores ACLs and umask for most file creations
> ---------------------------------------------------------------
>
>                 Key: ASTERISK-6174
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-6174
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Core/General
>            Reporter: Ben Klang
>            Severity: Minor
>         Attachments: asterisk-file-mode-retry-v2.diff, ast-file-mode-config.patch, ast-file-mode-r29695.patch, ast-file-mode-r41810.patch
>
>
> I came across this issue while trying to understand why my default ACLs were not being applied to new voicemails as they were spooled into the directory.  This problem appears to have been partially solved with the addition of VOICEMAIL_FILE_MODE and VOICEMAIL_DIR_MODE in apps/app_voicemail.c but I wanted to see the fix made more consistent across the tree.
> I looked for all instances where open() would be called with O_CREATE and changed the mode arg to AST_FILE_MODE which I then defined in include/asterisk.h
> This tweak should allow the a system administrator to use umask and ACL entries as they were intended rather than having the application stomp over those configurations.  If a particular distribution wishes to tighten default perms they can do so easily by modifying include/asterisk.h.
> Note I did not modify the behavior of apps/app_voicemail.c's VOICEMAIL_FILE_MODE as it appeared sufficient and non-conflicting to me.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list