[asterisk-dev] Asterisk crunches ACLs and umask by default, suggested fix
Ben Klang
ben at alkaloid.net
Sun Feb 19 10:15:28 MST 2006
On Sunday 19 February 2006 08:34, Mark Hulber wrote:
> If I wasn't the only person to access my Asterisk box I would find it a
> problem that /etc/asterisk has 0755 permissions. Maybe I created it
> this way and it's not the default but since it has account information
> and passwords in it the directory should be privileged. Likewise, I
> don't think /var/log/asterisk should be readable by everyone. CDRs and
> identifying system messages are not everyone's business.
Keep in mind that this file mask only applies to files newly created by the
Asterisk daemon. Files created during `make install' would still be subject
to the permissions found in the Makefile. Also, chmod'ing /etc/asterisk to be
more restrictive post-install would never be reset by the daemon. For the
even more security-conscious, adding a line such as `umask 027' or even `umask
077' to the top of the script that starts Asterisk at boot and/or setting
default ACLs on the directories in question would force ALL files created by
the running daemon to have far more restrictive perms than most of the
existing creation modes today.
Does this satisfy your requirement?
/BAK/
--
Ben Klang
Alkaloid Networks
ben at alkaloid.net
404.475.4821
http://projects.alkaloid.net
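
The behaviour described in the reply above, as an added example that is not part of the original message and is not Asterisk project code: a umask only affects files at creation time, an existing file keeps its mode, and a one-time chmod stays in place. The temporary directory and the file names are constructed stand-ins for /etc/asterisk and /var/log/asterisk; the default-ACL option is not exercised here.

```shell
#!/bin/sh
# Added example. The directory is a constructed stand-in; nothing here
# touches a real install, and the file names are made up for illustration.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Append to FILE the way a process started under umask MASK would.
# Shell redirection requests mode 0666; the umask clears bits from that
# only when the file is created, never on a file that already exists.
write_under_umask() (
    umask "$1"
    echo "entry" >> "$2"
)

# List everything under DIR that "other" can read, write or traverse.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Build the stand-in tree and print the path of the temp directory.
build_demo() {
    d=$(mktemp -d) || return 1
    chmod 0755 "$d"                            # directory mode from the thread
    write_under_umask 022 "$d/existing.conf"   # created 0644, pre-existing file
    write_under_umask 027 "$d/new.log"         # created 0640
    write_under_umask 077 "$d/new.csv"         # created 0600
    write_under_umask 077 "$d/existing.conf"   # already exists: stays 0644
    printf '%s\n' "$d"
}

d=$(build_demo) || exit 1
for f in existing.conf new.log new.csv; do
    printf '%-14s %s\n' "$f" "$(mode_of "$d/$f")"
done
echo "world-accessible before cleanup:"; world_accessible "$d"
# One-time post-install tightening; the umask keeps later files in line.
chmod 0750 "$d"; chmod 0640 "$d/existing.conf"
echo "world-accessible after cleanup: $(world_accessible "$d" | wc -l)"
rm -rf "$d"
```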