[Asterisk-Users] Vmail.cgi Bahhh!!

Ryan Courtnage ryan-lists at voxbox.ca
Wed Oct 20 08:53:22 MST 2004


On Wed, 2004-20-10 at 11:40 -0400, Deon Rodden wrote: 
> Are there no permissions issues that will ever come up by running Asterisk
> as a non-root user?

Modify *'s top-level Makefile to make ASTVARRUNDIR = /var/run/asterisk

Build and install * (as root)

Assuming your Asterisk user/group is 'asterisk', do the following:

chown -R asterisk:asterisk /var/run/asterisk
chown -R asterisk:asterisk /etc/asterisk
chown -R asterisk:asterisk /var/lib/asterisk
chown -R asterisk:asterisk /var/log/asterisk
chown -R asterisk:asterisk /var/spool/asterisk
chown -R asterisk:asterisk /dev/zap
chown asterisk /dev/tty9

Then modify apache to also run as 'asterisk'.

If you want a real-world example or a step-by-step for doing this, check
out our AMP project (amp.voxbox.ca).

Cheers
Ryan

> My Asterisk server is a dedicated/closed system, only I have access to ssh
> into it. It's also behind an external firewall that only allows certain udp
> ports through from the world. And ssh from my specific static IP. So I tried
> my best to keep the security tight.  But if there's no performance impact or
> any permission downsides to running Asterisk as non-root, I'm game.





More information about the asterisk-users mailing list