[Asterisk-Users] Vmail.cgi Bahhh!!
Ryan Courtnage
ryan-lists at voxbox.ca
Wed Oct 20 08:53:22 MST 2004
On Wed, 2004-20-10 at 11:40 -0400, Deon Rodden wrote:
> Are there no permissions issues that will ever come up by running Asterisk
> as a non-root user?
Modify *'s top-level Makefile to make ASTVARRUNDIR = /var/run/asterisk
Build and install * (as root)
Assuming your Asterisk user/group is 'asterisk', do the following:
chown -R asterisk:asterisk /var/run/asterisk
chown -R asterisk:asterisk /etc/asterisk
chown -R asterisk:asterisk /var/lib/asterisk
chown -R asterisk:asterisk /var/log/asterisk
chown -R asterisk:asterisk /var/spool/asterisk
chown -R asterisk:asterisk /dev/zap
chown asterisk /dev/tty9
Then modify apache to also run as 'asterisk'.
If you want a real-world example or a step-by-step for doing this, check
out our AMP project (amp.voxbox.ca).
Cheers
Ryan
> My Asterisk server is a dedicated/closed system, only I have access to ssh
> into it. It's also behind an external firewall that only allows certain udp
> ports through from the world. And ssh from my specific static IP. So I tried
> my best to keep the security tight. But if there's no performance impact or
> any permission downsides to running Asterisk as non-root, I'm game.
More information about the asterisk-users
mailing list