[asterisk-users] asterisk as non-root/best practices

[Alan Lord]

Robert McNaught wrote:
> Hi,
> 
> I have set up asterisk to run as non root, and allow admin users to log 
> in to the server as asterisk, which gives them privileges to edit 
> configs in the asterisk home directory.
> 
> As for connecting to the console with 'asterisk -r' - this by default 
> does not work as asterisk is owned stored in /usr/sbin/asterisk
> 
> I am reading that the best way to solve this is to use 'visudo' - I 
> added this:-
> 
> asterisk        ALL=/usr/sbin/asterisk -r           NOPASSWD: ALL
> asterisk        ALL=/usr/sbin/safe_asterisk     NOPASSWD: ALL
> 
> Keep getting 'command not found' when logging in as 'asterisk' and 
> trying to connect to the console
> 
> when I do a 'sudo -l' as user asterisk - I get this
> 
>     user asterisk may run the following commands on this host:
>         (ALL) NOPASSWD: ALL
> 
> but still get command not found when trying to connect to the console - 
> even after using 'sudo asterisk -r'
> 
> If I use 'whereis asterisk' as user asterisk, I get:
> 
> asterisk: /usr/sbin/asterisk /usr/sbin/asterisk.orig /usr/lib/asterisk 
> /usr/include/asterisk /usr/include/asterisk.h /usr/share/man/man8/asterisk.8
> 
> Suggesting that it can see it
> 
> Does anyone have any advice on what the best practice on this would be? 
> and allowing the user asterisk to connect to the console?
> 
> Thanks
> 
> Robert McNaught
> 

Hi Robert,

I have just done this myself. Here's how I described it on my blog 
http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/. 
The host server is Linux From Scratch so you might need to change it a 
but but the process seems sound to me.

Cheers

Alan


-- 
The way out is open!
http://www.theopensourcerer.com