[asterisk-gui] A GUI Overview

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sat Sep 5 04:07:59 CDT 2009 

On Fri, Sep 04, 2009 at 01:34:14PM -0400, David Kerr wrote:
> Ryan,  Thank you for the useful description.   I would add a couple of
> additional relevant observations...
> 
> 1) The scripts directory contains executable shell scripts that are run on
> request of the GUI by the asterisk server. These perform functions that must
> be executed on the server as they cannot be done from the client browser..

Right. Although there's technically no limitation to run scripts from
there.

The client basically orders Asterisk to run arbitrary shell commands. We
generally hope that the client is limited to javascript code coming from
the GUI, but there is certainly no way to verify that.

The ugly part is that there is no test to check if a command has failed.

> 
> 2) The config directory cannot be read-only... the GUI writes to this
> directory (output from system commands, link to Master.csv)

It can, if you're careful enough. I was as bothered as you, and in the
Debian package made all the writes to under config/tmp which is a
symlink to /var/spool/asterisk/tmp .

The fplip side is that now all the content of that tmp directory is
browsable from the web.

> 
> This last point bothers me somewhat as the number of write/read/delete
> cycles can get quite high.  On my asterisk installation the gui directory is
> on a Compact Flash card and I'd like to minimize the number of writes to
> this.  I solved it by creating a config/tmp that is a softlink to a
> directory on a ramdisk, then I created a patch file that modifies the GUI
> javascript to point to config/tmp for all system output and Master.csv.   If
> you are interested in this patch let me know and I will open a bug and
> attach it for you to look at.

Wow, we think alike :-)

You can find my patches in
http://svn.debian.org/viewsvn/pkg-voip/asterisk-gui/trunk/debian/patches/
svn://svn.debian.org/pkg-voip/asterisk-gui/trunk/debian/patches/

I suggest you take a look at the Debian packaging of Asterisk. In Debian
the datadir is /usr/share/asterisk . Which means that the bulk of the
data is read-only. /var/lib/asterisk is used only for data that can
actually change.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-gui mailing list