[Asterisk-Dev] vmail.cgi: File permissions

John Todd jtodd at loligo.com
Fri Jun 20 22:51:59 MST 2003

Shawn -
   This has been discussed before.  I can't seem to find Jon's patch, 
but I found his message about it.  Maybe Jon will submit it here? 


>To: asterisk-users at lists.digium.com
>From: Jon Pounder <JonP at inline.net>
>Subject: Re: [Asterisk-Users] vmail.cgi cannot read/delete messages
>Reply-To: asterisk-users at lists.digium.com
>Date: Wed, 07 May 2003 22:49:46 -0400
>I have a patch to read the file and directory mask to use from the 
>voicemail configuration file.
>At 11:03 PM 5/7/2003 -0400, you wrote:
>>vmail.cgi rocks (if I can borrow the expression for Mark Street). 
>>As Mark pointed out, the /vm/INBOX messages are created with 0700 
>>security and vmail.cgi is not happy.  Apache/cgi/vmail.cgi cannot 
>>play them unless I fool around with the Apache wrapper or chmod 755 
>>*.* thefiles myself.  (Tedious, that is why I like computers).
>>Obviously this is not acceptable.  I took a trip to the 
>>apps/app_voicemail.c country club and found that I can modify it to 
>>force the issue by altering the directory and files as it "happens" 
>>when recording takes place. 
>>What is everybody else doing?
>>I am, for sure, not the only one with this issue.  It comes with 
>>the cgi territory.  I am trying to keep my pearl vmail script with 
>>the -T switch.  I can also modify with chmod here but I am going to 
>>force the issue, I prefer the "c" code.
>  > Uriel

>Here are some ideas on this topic.
>1. First the make file or what ever installs the vmail.cgi does not install
>it on a Debian system.  I have to copy it manually to /usr/lib/cgi-bin.
>2. Why not have the Voicemail have the UID/GID of certain user and then have
>the vmail.cgi switch to that user when someone logs in.
>3. Or the most tricky because most people probably don't use there Asterisk
>server as the mail server in there net but some of us only have one server
>so have the UID/GID set the user when they login and then have the Voicemail
>belong to that user like most e-mail systems do.  Even Better yet have the
>Voicemail stored in the users home directory so their quota applies to it.
>Just some thoughts.
>-----Original Message-----
>From: asterisk-dev-admin at lists.digium.com
>[mailto:asterisk-dev-admin at lists.digium.com]On Behalf Of Brian Capouch
>Sent: Friday, June 20, 2003 15:46
>To: asterisk-dev at lists.digium.com
>Subject: [Asterisk-Dev] vmail.cgi: File permissions
>I'm working on vmail.cgi; being able to work on voicemails through a web
>interface is waaaay friendlier than "message at a time" through the POTS
>It doesn't work out of the box if the UID of the web server (in my case
>"nobody") isn't the same as the UID of the asterisk process (in my case
>"root").  Not even reading messages works because the VM files are
>created with permissions 700.
>So I wonder what the correct way of doing this is?  Opening up
>/var/spool/asterisk/voicemail to the world doesn't seem like a very good
>choice, but having vmail.cgi run as root seems even less good.

More information about the asterisk-dev mailing list