[asterisk-users] asterisk at non-root / zaptel
Alan Lord
alanslists at gmail.com
Wed Oct 17 02:43:59 CDT 2007
Robert McNaught wrote:
> Alan,
>
> What do you mean by the udev rules?
>
> I previously had asterisk compiled and running as user and group 'asterisk'
>
> zaptel and libpri were compiled and installed using user 'root'
>
> so the zaptel service was root. I had a dependency issue with asterisk
> trying to access a file owned by root for zaptel to work. How is yours
> configured?
>
> Should I be trying to compile and install libpri and zaptel as user
> 'asterisk' - I tried this but would not compile as dependency problems
> with files being owned as root. Do you know if there is options in the
> make command to put when you compile libpri and zaptel as user
> 'asterisk' - maybe that would get round it?
>
> Cheers
>
> Robert
>
Hi Robert,
most recent Linux systems use an automatic process to create and manage
device nodes under /dev. This is called udev.
In your /etc directory there should be something along the lines of udev
or rc.udev or rules.d...
In my build I have /etc/udev/rules.d/udev_rules_files_in_here
If you run 'make config' in the zaptel build (after make install) it
will install a file called zaptel.rules into the udev hierarchy. It put
mine under rules.d
Here is the contents of zaptel.rules:
# zaptel devices with ownership/permissions for running as non-root
KERNEL=="zapctl", NAME="zap/ctl", OWNER="asterisk", GROUP="asterisk",
MODE="0660"
KERNEL=="zaptranscode", NAME="zap/transcode", OWNER="asterisk",
GROUP="asterisk", MODE="0660"
KERNEL=="zaptimer", NAME="zap/timer", OWNER="asterisk",
GROUP="asterisk", MODE="0660"
KERNEL=="zapchannel", NAME="zap/channel", OWNER="asterisk",
GROUP="asterisk", MODE="0660"
KERNEL=="zappseudo", NAME="zap/pseudo", OWNER="asterisk",
GROUP="asterisk", MODE="0660"
KERNEL=="zap[0-9]*", NAME="zap/%n", OWNER="asterisk", GROUP="asterisk",
MODE="0660"
As you should be able to see, this file creates the relevant device
nodes with owner and group "asterisk". When Linux boots if zaptel
modules get loaded, these devices will be created under /dev.
That's really all you have to do for zaptel...
On my installation, I initially built and installed zaptel and asterisk
as root. (You shouldn't be able to run 'make install' unless you are
root or have root privileges)
Once installed I set up the directory structure as follows:
-----------My notes from installing asterisk as non-root user--------
Create asterisk user
groupadd -g 75 asterisk
useradd -c "Asterisk PBX" -d /var/lib/asterisk -g asterisk -s /bin/false
-u 75 asterisk
/var/lib/asterisk
/var/log/asterisk
/var/run/asterisk
/var/spool/asterisk
/dev/zap/* (If you install the zaptel modules and use the 'make
config' command, a udev rules file (zaptel.rules) will be written to
/etc/udev/rules.d. This will allow udev to create the zaptel device
files as user:group asterisk.
chown -R asterisk:asterisk
/var/{lib/asterisk,log/asterisk,run/asterisk,spool/asterisk}
chmod 750 /var/{lib/asterisk,log/asterisk,run/asterisk,spool/asterisk}
chmod -R o= /var/{lib/asterisk,log/asterisk,run/asterisk,spool/asterisk}
Asterisk needs read permission for this directory and its contents:
/etc/asterisk
chown -R root:asterisk /etc/asterisk
chmod 750 /etc/asterisk
chmod 640 /etc/asterisk/*
-----------------------------------------------------------
Then I run asterisk with the -U user and -G group switches in my
sysvinit scripts.
Hope this helps.
Alan
--
The way out is open!
http://www.theopensourcerer.com
More information about the asterisk-users
mailing list