[Asterisk-Dev] Enabling consistent file permissions ?

Dave Hawkes daveh at cadlink.com
Tue Oct 4 10:09:27 MST 2005


Kevin P. Fleming wrote:

> Dave Hawkes wrote:
> 
>> I'd be prepared to submit some changes along these lines if they were 
>> likely to be accepted. Any thoughts?
> 
> 
> Personally, I wish Asterisk _never_ explicitly set file permissions at 
> all, and just let the admin do what they wanted using umask.
> 
> AGI is not an issue, since it runs in a separate process.
> 
> If you want to put together a patch to remove _all_ file permission 
> management from Asterisk and do the testing, I'll be glad to review it, 
> but it won't be able to go into 1.2, since it's too significant a change 
> this late in the cycle.

That would be a fit for me also, but I don't know if other people have Asterisk applications with expectations in this 
regard. As far as I can tell a patch to do this is relatively small and the default umask for most systems is usually 
0770 which should be quite safe, security wise. Personally I also patched the contributed safe_asterisk script to set 
the umask, but don't know if that should be included and documented as one easy way of setting the umask.

I'll, put together something, test with AMP (particularly vm manipulation), as that is possibly the biggest reason for 
doing this, and post a patch.

Dave






More information about the asterisk-dev mailing list