Advantage / Disadvantage to install asterisk from CVS was: [Asterisk-Dev] Asterisk run as non root

Tzafrir Cohen tzafrir.cohen at xorcom.com
Wed Sep 14 06:39:44 MST 2005


On Wed, Sep 14, 2005 at 07:28:06AM -0600, Joseph wrote:
> On Wed, 2005-09-14 at 12:10 +0300, Tzafrir Cohen wrote:
> > > > >I'm following the installation instructions from the wiki and there is a section
> > > > >"Running Asterisk not as root"
> > > > >It is not difficult to follow, but time-consuming.
> > > > >
> > > > >Why isn't this section implemented as in cvs if it is considered a
> > > > >security issue?  I'm sure it wouldn't take much time to write a small
> > > > >script that would change all the file permissions and ownership during
> > > > >installation.
> > 
> > That script needs to create a user. Or is it a group? With what name?
> > That part needs to be run only once.
> > 
> > Now you need to chown/chmod a bunch of directories. And also make sure
> > asterisk is never run without -U . Or is it -G? Or both? Or is it the
> > job of safe_asterisk to do that?
> > 
> > No, this is the job of the installer/packager. Wanna prove me wrong?
> > Please write that script. 
> 
> I've noticed that part is easy on Gentoo; emerge asterisk
> will do all the work for you: installing the start-up script in /etc/init.d/,
> the configuration file in /etc/conf.d/, and adding the right user, owner group.
> So right after emerge, you can unmerge the portage version, compile from
> cvs and change permissions.

What you probably don't know is how long it took to debug that script. 

I also wonder if the same init.d script could be used on a Debian system
and on a Gentoo system.

Regarding ownership:

On Debian by default only -U is used. -G is unnecessary as Asterisk gets
all the default groups of the user passed with -U if there is no -G .
(There was a small patch to do that in a response to a bug report asking
for allowing multiple groups in -G).

The group that owns the zaptel device files happens to be 'sounds' . It
can not be 'asterisk' as there are some non-Asterisk users of zaptel.

udev does not work out of the box, and thus sadly has to be documented
in README.Debian.

-- 
Tzafrir Cohen     icq#16849755  +972-50-7952406
tzafrir.cohen at xorcom.com  http://www.xorcom.com
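
The chown/chmod step discussed in this thread is easy to get subtly wrong, so a post-install check is useful. The following is an added example, not part of the original message and not code from Asterisk or any distribution's package: it audits a directory tree for paths with the wrong owner, the wrong group, or world-writable permissions. The directory, uid and gid are supplied by the caller; the group is a separate argument because, as noted above for the zaptel device files, the owning group need not be the service's own.

```shell
#!/bin/sh
# Added example: verify the chown/chmod step of a non-root install.
# The tree, uid and gid are the caller's choices (assumptions of this
# example); nothing here comes from Asterisk's own install scripts.

# Paths under $1 not owned by numeric uid $2.
wrong_owner() { find "$1" ! -user "$2" -print; }

# Paths under $1 whose group is not numeric gid $2.
wrong_group() { find "$1" ! -group "$2" -print; }

# Non-symlink paths under $1 that any local user can write to.
world_writable() { find "$1" ! -type l -perm -0002 -print; }

# audit_tree DIR UID GID
# Prints labelled findings on stderr and the number of findings on stdout.
# A path with two problems counts twice. Returns 1 if anything was found.
audit_tree() {
    findings=$(
        wrong_owner "$1" "$2" | sed 's/^/owner: /'
        wrong_group "$1" "$3" | sed 's/^/group: /'
        world_writable "$1" | sed 's/^/world-writable: /'
    )
    if [ -z "$findings" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$findings" >&2
    printf '%s\n' "$findings" | wc -l | tr -d ' '
    return 1
}

# Example call (hypothetical path and account name):
#   audit_tree /path/to/tree "$(id -u svcuser)" "$(id -g svcuser)"
```
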


