[asterisk-users] asterisk as non-root/best practices
Alan Lord
alanslists at gmail.com
Wed Nov 21 14:12:58 CST 2007
Robert McNaught wrote:
> Thanks Tzafrir, I took the stuff out of visudo - it turns out the only
> way I could get this working was to create a symbolic link -
> /usr/bin/asterisk to point to /home/asterisk .....asterisk - using
> the link created in /usr/sbin/ would not work for 'asterisk -r'
>
> It seems that all commands in /usr/sbin/. were unexecutable by user
> 'asterisk' or 'admin' - I think that this is to do with the fact that
> the sbin directory is only designed for root executable files.
>
> What is your recommendation on having an admin user be able to edit
> configs without using the same username as the asterisk daemon - would
> you create a group 'asterisk' and have users 'admin' and 'asterisk' as
> part of that group - If the system was compiled to run as asterisk,
> then the owner for the config files are all stored in the
> /home/asterisk/ subdirectory and are owned by 'asterisk'.
>
> Can you offer any thoughts on that?
>
> Cheers :-)
>
> Robert
I'm not quite sure I understand where your troubles are...
There are quite a few documented methods of building asterisk to run as
a normal user, like on voip-info.org and my blog.
If you follow the instructions, you should end up with an asterisk
binary which runs as a non-root user and can access and write to the
appropriate files where necessary and is pretty much invisible to the
rest of the world, except root or admin if you prefer.
Here's some links which describe the solution:
http://www.voip-info.org/wiki/index.php?page=Asterisk+non-root
http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/
HTH
Alan
--
The way out is open!
http://www.theopensourcerer.com
More information about the asterisk-users
mailing list