[Asterisk-Users] Vmail.cgi Bahhh!!

Josh Krueger joshk-lists at urbancom.net
Wed Oct 20 08:34:54 MST 2004


> asterisk records the files to the filesystem with root permissions,
> which
> a properly configured apache installation doesn't have access too.

Actually, it should only record the files with root permissions if asterisk
itself is running as root.
Which you shouldnt be doing in the first place, serious security problem if
asterisk gets a few exploitable vulnerabilities.

And even if you go about chmodding in a cron job, you shouldnt chmod it 777,
it should at least be 770 with the same group as apache.

Try running asterisk as a regular user, thats in the same group as apache.
Then it should create the files so they are readable by apache, but retain
write permissions for asterisk.
----------------------------------
Josh Krueger
Urban Communications
http://www.urbancom.net/




More information about the asterisk-users mailing list