[Asterisk-Users] Running as non-root user ( was: Vmail.cgi Bahhh!!)

Paul Dugas Paul at DugasEnterprises.com
Wed Oct 20 09:40:11 MST 2004


Being fairly retentive about security and a long-time admin of Solaris and
Linux machines, I find the default behaviour of * running as root
troubling.  Forgive the potential offense but I don't trust *anyone*
(including myself unless I have to) with root access.  If * is to become a
product for the world of system admins to manage and monitor, it needs to
have this problem addressed.

It seems to me that given proper permissions in the installer for the
files and devices (as Ryan suggested below), we may be able to achieve
much of this rather painlessly.  The TCP ports * listens on are all above
1024, I think, so that's not an issue.  What are the chances of seeing this
in a 1.1 release?

Paul
"Retentive Boy"

Ryan Courtnage said:
> Modify *'s top-level Makefile to make ASTVARRUNDIR = /var/run/asterisk
>
> Build and install * (as root)
>
> Assuming your Asterisk user/group is 'asterisk', do the following:
>
> chown -R asterisk:asterisk /var/run/asterisk
> chown -R asterisk:asterisk /etc/asterisk
> chown -R asterisk:asterisk /var/lib/asterisk
> chown -R asterisk:asterisk /var/log/asterisk
> chown -R asterisk:asterisk /var/spool/asterisk
> chown -R asterisk:asterisk /dev/zap
> chown asterisk /dev/tty9
>
> Then modify apache to also run as 'asterisk'.
>
> If you want a real-world example or a step-by-step for doing this, check
> out our AMP project (amp.voxbox.ca).

--
Paul A. Dugas                               Dugas Enterprises, LLC
email: paul at dugasenterprises.com            1711 Indian Ridge Drive
phone: 404.932.1355  fax: 770.516-4841      Woodstock, GA 30189 USA
   [ onsite at the Georgia DOT's West Annex, 404.463.2860 x158 ]
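
An added example, not part of the original thread: a shell audit that checks whether the chown steps quoted above took effect and whether any asterisk process still runs as root. The function names are hypothetical; the 'asterisk' user/group and the paths are the ones given in the thread.

```shell
#!/bin/sh
# Added example. Assumes user/group 'asterisk' as in the thread; the function
# names are hypothetical helpers, not part of Asterisk.

# audit_owner USER GROUP PATH...   (empty GROUP = check the owner only)
# Prints missing paths and files not owned as expected; returns 0 if clean.
audit_owner() {
    user=$1; group=$2; shift 2
    bad=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1; continue
        fi
        # stderr is captured too, so an unknown user or unreadable dir fails closed
        if [ -n "$group" ]; then
            hits=$(find "$p" \( ! -user "$user" -o ! -group "$group" \) -print 2>&1) || :
        else
            hits=$(find "$p" ! -user "$user" -print 2>&1) || :
        fi
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/WRONG OWNER  /'; bad=1
        fi
    done
    return $bad
}

# root_owned_procs NAME: reads `ps -e -o user= -o comm=` output on stdin and
# prints processes called NAME that run as root. Returns 0 if there are none.
root_owned_procs() {
    ! awk -v n="$1" '$1 == "root" && $2 == n { print; found = 1 } END { exit !found }'
}

# Full check against the paths listed in the thread.
audit_asterisk() {
    rc=0
    audit_owner asterisk asterisk /var/run/asterisk /etc/asterisk \
        /var/lib/asterisk /var/log/asterisk /var/spool/asterisk /dev/zap || rc=1
    audit_owner asterisk "" /dev/tty9 || rc=1   # the thread sets only the owner here
    ps -e -o user= -o comm= | root_owned_procs asterisk || rc=1
    return $rc
}

if [ "${1:-}" = "--audit" ]; then audit_asterisk; fi
```

Run it with `--audit` after installation and again after upgrades, since a `make install` run as root can recreate files owned by root.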


