[Asterisk-Users] Asterisk & sudo from httpd

Matthew Boehm mboehm at cytelcom.com
Mon Sep 6 11:32:19 MST 2004


That's about the most unsecure thing I've ever seen. There is a reason you
don't run apache as root and therefore having a script that sudo's is just
as bad.

Try using the manager interface for better security. * shouldn't be running
as root either if we want to get nitty-gritty about security.

Matthew

----- Original Message ----- 
From: "Roland Zagler" <r.zagler at fog.at>
To: <asterisk-users at lists.digium.com>
Sent: Sunday, September 05, 2004 4:52 PM
Subject: [Asterisk-Users] Asterisk & sudo from httpd


Hello!

I want to use "asterisk -rx "show version"" from a php script called in
the browser using the local apache, which runs as user "apache".
Asterisk is running as root.

I added the following line to /etc/sudoers using visudo:

     apache    ALL = NOPASSWD: /usr/sbin/asterisk

When I am on the command line of my Linux box it looks like this:

--------------------------------------------------------
# sudo /usr/sbin/asterisk -rx "show version"

Asterisk 1.0-RC2 built by root at zrlin01.laureen.at on a i686 running Linux

# sudo -u apache /usr/sbin/asterisk -rx "show version"

Unable to connect to remote asterisk
--------------------------------------------------------

"strace" showed me that there is an access problem with
"/var/run/asterisk.ctl":

--------------------------------------------------------
munmap(0xbf334000, 4096)                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/var/run/asterisk.ctl"}, 110) = -1 EACCES (Permission denied)
close(3)                                = 0
time([1094419366])                      = 1094419366
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf334000
write(1, "Unable to connect to remote aste"..., 37) = 37
munmap(0xbf334000, 4096)                = 0
exit_group(1)                           = ?
--------------------------------------------------------

System description:
Fedora Core 1
Kernel 2.4.22
Sudo 1.6.7p5
Apache httpd 2.0.50
Asterisk 1.0-RC2

Can anyone please help?

Thank you in advance!


Roland Zagler
mailto:r.zagler at fog.at
@fog smart partners
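One way to follow the reply's suggestion of the manager interface, as an added example (not code from either poster or from the Asterisk project): a local client that logs in to the Asterisk Manager Interface over TCP and runs only an allowlisted CLI command, so the "apache" user needs no sudoers entry at all. The account name "webstatus", the secret, port 5038 on 127.0.0.1 and the "Response: Follows" / "--END COMMAND--" framing are assumptions to check against the installed version's manager.conf and manager output.

```python
import socket

# The web layer selects a key; it never supplies Asterisk CLI text itself.
ALLOWED = {"version": "show version"}

def build_action(action, **fields):
    """Serialize one AMI message: 'Key: Value' lines ended by a blank line."""
    pairs = [("Action", action)] + list(fields.items())
    for key, value in pairs:
        if "\r" in value or "\n" in value:
            raise ValueError("line break in AMI field " + key)  # blocks header injection
    return "".join(f"{k}: {v}\r\n" for k, v in pairs).encode() + b"\r\n"

def read_message(reader):
    """Return (headers, output_lines) for the next AMI message."""
    headers, body = {}, []
    for raw in reader:
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if headers.get("Response") == "Follows" and "Privilege" in headers:
            if line.startswith("--END COMMAND--"):
                reader.readline()  # consume the blank line that ends the message
                break
            body.append(line)      # raw CLI output (assumed framing, see lead-in)
        elif line == "":
            if headers:
                break
        else:
            key, _, value = line.partition(": ")
            headers[key] = value
    return headers, body

def query(sock, command, user, secret):
    """Log in, run one CLI command, log off; returns the command output."""
    reader = sock.makefile("rb")
    reader.readline()  # greeting banner sent on connect
    sock.sendall(build_action("Login", Username=user, Secret=secret, Events="off"))
    if read_message(reader)[0].get("Response") != "Success":
        raise PermissionError("AMI login rejected")
    sock.sendall(build_action("Command", Command=command))
    headers, body = read_message(reader)
    sock.sendall(build_action("Logoff"))
    if headers.get("Response") != "Follows":
        raise RuntimeError(headers.get("Message", "command refused"))
    return "\n".join(body)

def show(key, user="webstatus", secret="CHANGE-ME", host="127.0.0.1", port=5038):
    command = ALLOWED[key]  # KeyError for anything outside the allowlist
    with socket.create_connection((host, port), timeout=5) as sock:
        return query(sock, command, user, secret)
```

A manager account that may run CLI commands can run any of them, so the allowlist in the calling script and a listener bound to 127.0.0.1 are what keep the web-facing side narrow.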