[asterisk-users] asterisk at non-root / zaptel

Alan Lord alanslists at gmail.com
Wed Oct 17 02:43:59 CDT 2007


Robert McNaught wrote:
> Alan,
> 
> What do you mean by the udev rules?
> 
> I previously had asterisk compiled and running as user and group 'asterisk'
> 
> zaptel and libpri were compiled and installed using user 'root'
> 
> so the zaptel service was root.  I had a dependency issue with asterisk 
> trying to access a file owned by root for zaptel to work.  How is yours 
> configured?
> 
> Should I be trying to compile and install libpri and zaptel as user 
> 'asterisk' - I tried this but would not compile as dependency problems 
> with files being owned as root.  Do you know if there is options in the 
> make command to put when you compile libpri and zaptel as user 
> 'asterisk' - maybe that would get round it?
> 
> Cheers
> 
> Robert
> 

Hi Robert,

most recent Linux systems use an automatic process to create and manage 
device nodes under /dev. This is called udev.

In your /etc directory there should be something along the lines of udev 
or rc.udev or rules.d...

In my build I have /etc/udev/rules.d/udev_rules_files_in_here

If you run 'make config' in the zaptel build (after make install) it 
will install a file called zaptel.rules into the udev hierarchy. It put 
mine under rules.d

Here is the contents of zaptel.rules:

# zaptel devices with ownership/permissions for running as non-root
KERNEL=="zapctl", NAME="zap/ctl", OWNER="asterisk", GROUP="asterisk", 
MODE="0660"
KERNEL=="zaptranscode", NAME="zap/transcode", OWNER="asterisk", 
GROUP="asterisk", MODE="0660"
KERNEL=="zaptimer", NAME="zap/timer", OWNER="asterisk", 
GROUP="asterisk", MODE="0660"
KERNEL=="zapchannel", NAME="zap/channel", OWNER="asterisk", 
GROUP="asterisk", MODE="0660"
KERNEL=="zappseudo", NAME="zap/pseudo", OWNER="asterisk", 
GROUP="asterisk", MODE="0660"
KERNEL=="zap[0-9]*", NAME="zap/%n", OWNER="asterisk", GROUP="asterisk", 
MODE="0660"

As you should be able to see, this file creates the relevant device 
nodes with owner and group "asterisk". When Linux boots if zaptel 
modules get loaded, these devices will be created under /dev.

That's really all you have to do for zaptel...

On my installation, I initially built and installed zaptel and asterisk 
as root. (You shouldn't be able to run 'make install' unless you are 
root or have root privileges)

Once installed I set up the directory structure as follows:

-----------My notes from installing asterisk as non-root user--------

Create asterisk user

groupadd -g 75 asterisk
useradd -c "Asterisk PBX" -d /var/lib/asterisk -g asterisk -s /bin/false 
-u 75 asterisk

     /var/lib/asterisk
     /var/log/asterisk
     /var/run/asterisk
     /var/spool/asterisk
     /dev/zap/* (If you install the zaptel modules and use the 'make 
config' command, a udev rules file (zaptel.rules) will be written to 
/etc/udev/rules.d. This will allow udev to create the zaptel device 
files as user:group asterisk.

    chown -R asterisk:asterisk 
/var/{lib/asterisk,log/asterisk,run/asterisk,spool/asterisk}

    chmod 750 /var/{lib/asterisk,log/asterisk,run/asterisk,spool/asterisk}
    chmod -R o= /var/{lib/asterisk,log/asterisk,run/asterisk,spool/asterisk}

Asterisk needs read permission for this directory and its contents:

    /etc/asterisk

    chown -R root:asterisk /etc/asterisk
    chmod 750 /etc/asterisk
    chmod 640 /etc/asterisk/*

-----------------------------------------------------------

Then I run asterisk with the -U user and -G group switches in my 
sysvinit scripts.

Hope this helps.

Alan
-- 
The way out is open!
http://www.theopensourcerer.com




More information about the asterisk-users mailing list