[asterisk-dev] [Code Review] non-root install for Asterisk

paul.belanger at polybeacon.com paul.belanger at polybeacon.com
Thu May 27 14:32:50 CDT 2010 


> On 2010-05-08 21:56:27, Tzafrir Cohen wrote:
> > What is exactly the point?
> > 
> > If you test-install Asterisk by a user that is not root, there's no point in using other users, as the user is not permitted to do that. So I suppose this is not a relevant use-case.
> > 
> > The way I see it, if you want to run Asterisk as non-root, you should normally include files owned by root, and only set the ownership to the asterisk user (/group?) for directories that should be writable.
> > 
> > Specifically:
> > * varlibdir (/var/lib/asterisk in a LFS system. As are other pathes mentioned here)
> > * varrundir (/var/run/asterisk)
> > * varspooldir (/var/spool/asterisk)
> > 
> > Other pathes:
> > * astdatadir, if different from varlibdir, is intended for read-only data. Should not be writable by asterisk.
> > * moh directory (in that case)
> > * AGI directory (in that case)
> > 
> > BTW: should the documentation be installed under static-http and not in the documentation directory?

I think it is just basic security.  There is no real benefit to running as root, so why make Asterisk?  All this patch-set will do is give the installer the ability to toggle this.


- pabelanger


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/654/#review1988
-----------------------------------------------------------


On 2010-05-08 11:05:34, pabelanger wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/654/
> -----------------------------------------------------------
> 
> (Updated 2010-05-08 11:05:34)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> Make Asterisk install as non-root, this is now the default behavior.
> 
> 3 new configure options:
> --with-user=uid
> --with-group=gid
> --disable-non-root
> 
> Various changes to Makefile, prefer install over mkdir, mv, chmod and chgrp.
> 
> 
> Diffs
> -----
> 
>   /trunk/Makefile 262089 
>   /trunk/Makefile.moddir_rules 262089 
>   /trunk/agi/Makefile 262089 
>   /trunk/configure.ac 262089 
>   /trunk/include/asterisk/autoconfig.h.in 262089 
>   /trunk/makeopts.in 262089 
>   /trunk/sounds/Makefile 262089 
> 
> Diff: https://reviewboard.asterisk.org/r/654/diff
> 
> 
> Testing
> -------
> 
> Much more testing required. Only tested with Ubuntu.
> 
> 
> Thanks,
> 
> pabelanger
> 
>

More information about the asterisk-dev mailing list