[asterisk-dev] Asterisk crunches ACLs and umask by default, suggested fix

Mark Hulber asterisk-admin at hulber.com
Sun Feb 19 06:34:13 MST 2006

If I wasn't the only person to access my Asterisk box I would find it a 
problem that /etc/asterisk has 0755 permissions.  Maybe I created it 
this way and it's not the default but since it has account information 
and passwords in it the directory should be privileged.  Likewise, I 
don't think /var/log/asterisk should be readable by everyone.  CDRs and 
identifying system messages are not everyone's business.


Ben Klang wrote:
> On Thursday 16 February 2006 15:47, Rod Dorman wrote:
>> Well the first question that comes to mind is, Is there any down side?
>> Is there any scenario where this wouldn't be the expected thing to do?
> I have considered this quite a bit is and I feel this is the proper thing to 
> do across the board.  The only files/directories that shouldn't be leave the 
> permissions up to the operating system's default are files that contain 
> potentially sensitive data.  I can see the argument for Voicemail wav files 
> falling in this category.  However this can be addressed in two ways: 1: The 
> default install will create the voicemail spool directory as non-world 
> readable/executable and 2: the local system administrator can provide a 
> tighter umask or default ACL.  Since the default for most systems' umask is 
> 022 and the mode flag only applies to newly created files, I think this is a 
> much more sane default than the variety of modes that I replaced in the 
> sources.
> But this is just my opinion.  I may have missed something.
> /BAK/
> --
> Ben Klang
> Alkaloid Networks
> ben at alkaloid.net
> 404.475.4850
> http://projects.alkaloid.net
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list