[asterisk-dev] Asterisk crunches ACLs and umask by default, suggested fix
Mark Hulber
asterisk-admin at hulber.com
Sun Feb 19 06:34:13 MST 2006
If I wasn't the only person to access my Asterisk box I would find it a
problem that /etc/asterisk has 0755 permissions. Maybe I created it
this way and it's not the default but since it has account information
and passwords in it the directory should be privileged. Likewise, I
don't think /var/log/asterisk should be readable by everyone. CDRs and
identifying system messages are not everyone's business.
MARK.
Ben Klang wrote:
> On Thursday 16 February 2006 15:47, Rod Dorman wrote:
>
>> Well the first question that comes to mind is, Is there any down side?
>> Is there any scenario where this wouldn't be the expected thing to do?
>>
> I have considered this quite a bit and I feel this is the proper thing to
> do across the board. The only files/directories that shouldn't leave the
> permissions up to the operating system's default are files that contain
> potentially sensitive data. I can see the argument for Voicemail wav files
> falling in this category. However this can be addressed in two ways: 1: The
> default install will create the voicemail spool directory as non-world
> readable/executable and 2: the local system administrator can provide a
> tighter umask or default ACL. Since the default for most systems' umask is
> 022 and the mode flag only applies to newly created files, I think this is a
> much more sane default than the variety of modes that I replaced in the
> sources.
>
> But this is just my opinion. I may have missed something.
> /BAK/
> --
> Ben Klang
> Alkaloid Networks
> ben at alkaloid.net
> 404.475.4850
> http://projects.alkaloid.net
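The umask behaviour discussed in this thread (a requested mode is filtered through the umask, and only when the file or directory is first created), as an added C example that is not part of the thread or the Asterisk sources. The function names and the `/tmp/umask-demo-*` paths are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of `path`, or -1 if it cannot be examined. */
static int perms(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Create a file with `requested` mode under umask `mask`. With `reopen`, open
 * it again with O_CREAT and 0666: the file exists, so that mode is ignored. */
int file_mode(mode_t requested, mode_t mask, int reopen)
{
    char path[64];
    snprintf(path, sizeof(path), "/tmp/umask-demo-%ld.conf", (long)getpid());
    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    if (fd >= 0 && reopen) {
        close(fd);
        fd = open(path, O_WRONLY | O_CREAT, 0666);
    }
    umask(old);
    if (fd < 0) return -1;
    close(fd);
    int result = perms(path);
    unlink(path);
    return result;
}

/* Same measurement for a directory such as a voicemail spool. */
int dir_mode(mode_t requested, mode_t mask)
{
    char path[64];
    snprintf(path, sizeof(path), "/tmp/umask-demo-%ld.d", (long)getpid());
    mode_t old = umask(mask);
    int result = mkdir(path, requested) == 0 ? perms(path) : -1;
    umask(old);
    rmdir(path);
    return result;
}

int main(void)
{
    printf("file 0666: umask 022 -> %04o, umask 077 -> %04o\n",
           file_mode(0666, 022, 0), file_mode(0666, 077, 0));
    printf("dir 0777/022 -> %04o, dir 0700/022 -> %04o\n",
           dir_mode(0777, 022), dir_mode(0700, 022));
    return 0;
}
```

On Linux, a parent directory with a default ACL takes the place of the umask, so run this in a location without one.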