[Asterisk-Users] Vmail.cgi Bahhh!!

Deon Rodden drodden at webunited.net
Wed Oct 20 08:40:17 MST 2004


Are there no permissions issues that will ever come up by running Asterisk
as a non-root user?

My Asterisk server is a dedicated/closed system, only I have access to ssh
into it. It's also behind an external firewall that only allows certain udp
ports through from the world. And ssh from my specific static IP. So I tried
my best to keep the security tight.  But if there's no performance impact or
any permission downsides to running Asterisk as non-root, I'm game.



-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Josh Krueger
Sent: Wednesday, October 20, 2004 11:35 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] Vmail.cgi Bahhh!!

> asterisk records the files to the filesystem with root permissions,
> which
> a properly configured apache installation doesn't have access to.

Actually, it should only record the files with root permissions if asterisk
itself is running as root.
Which you shouldn't be doing in the first place, serious security problem if
asterisk gets a few exploitable vulnerabilities.

And even if you go about chmodding in a cron job, you shouldn't chmod it 777,
it should at least be 770 with the same group as apache.

Try running asterisk as a regular user, that's in the same group as apache.
Then it should create the files so they are readable by apache, but retain
write permissions for asterisk.
----------------------------------
Josh Krueger
Urban Communications
http://www.urbancom.net/
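
An added example, not part of either poster's message: a small audit of a recordings directory against the layout described in the thread (files owned by the non-root service user, shared with the web server through a common group, nothing open to other users). The function names, the uid/gid parameters and the sample file names are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def audit_recordings(root, service_uid, web_gid):
    """Return (path, problem) pairs for entries that break the 770 shared-group layout."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about access
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != service_uid:
                who = "root" if st.st_uid == 0 else "uid %d" % st.st_uid
                findings.append((path, "owned by " + who))
            if mode & stat.S_IRWXO:
                findings.append((path, "open to other users"))
            if st.st_gid != web_gid:
                findings.append((path, "not in web server group"))
            elif not mode & stat.S_IRGRP:
                findings.append((path, "web server group cannot read"))
    return findings

def build_sample(root):
    """Constructed sample tree: one good file, one 777 file, one owner-only file."""
    os.chmod(root, 0o770)
    for name, mode in (("msg0000.wav", 0o660), ("msg0001.wav", 0o777), ("msg0002.wav", 0o600)):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        gid = os.stat(tmp).st_gid  # assumption: stands in for the web server's group
        for path, problem in audit_recordings(tmp, os.getuid(), gid):
            print(os.path.basename(path), "-", problem)
```

On a real system the two ids would be those of the account the service runs as and of the group it shares with the web server.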
