[asterisk-dev] Strange issue with permissions and a third party module
Hans-Peter Jansen
hpj at urpla.net
Tue Dec 11 11:57:25 CST 2018
On Montag, 10. Dezember 2018 13:53:38 Joshua C. Colp wrote:
> On Wed, Dec 5, 2018, at 12:40 PM, Hans-Peter Jansen wrote:
> >
> > Why does the Asterisk module behaves differently permission-wise?
>
> How is Asterisk actually run and executed? Is it being run as a systemd
> unit, could that be altering permissions and limiting things?
Yes, it is executed by systemd:
[Unit]
Description=Asterisk PBX
Wants=nss-lookup.target
Wants=network-online.target
After=network-online.target
[Service]
PIDFile=/run/asterisk/asterisk.pid
ExecStart=/usr/sbin/asterisk -fn
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=basic.target
Also=systemd-networkd-wait-online.service
and uses the built-in runuser and rungroup mechanism to drop permissions.
> > Does Asterisk use some special protection/capabilities for its modules?
>
> Nope, we do nothing special and rely on the system itself. We can drop down
> to a different user and such, that's about it.
Okay, thank you. Will dig deeper.
Pete
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20181211/7423f257/attachment.html>
More information about the asterisk-dev
mailing list