[asterisk-users] call file and NFS server

A J Stiles asterisk_list at earthshod.co.uk
Fri Jul 6 07:03:39 CDT 2012


On Friday 06 July 2012, Chandrakant Solanki wrote:
> I have 3 server, 2 running with asterisk and another one generate call
> files say some directory callfile/serverA and callfile/serverB (NFS
> Sharing) and mounted this directory to respectively on Server A (Asterisk)
> and Server B(Asterisk) on /var/spool/asterisk/outgoing.
> 
> Server A has Asterisk 1.8.0-rc2 and Server B has asterisk version 1.8.9.0,
> and both asterisk compile  ./configure --without-inotify
> 
> Callfile will execute call successfully on both machine, but got the
> following problem
> 
> *[Jul  6 16:15:04] WARNING[26921]: pbx_spool.c:278 safe_append: Unable to
> set utime on /var/spool/asterisk/outgoing/1000000005.call: Operation not
> permitted
> *
> I have set the folder (callfile/Server{A/B})  permission to 777 as well as
> call file permission to 777.

The problem is that root on one machine doesn't have full root access to other 
users' files on NFS shares.  A user logged in as root on a local machine and 
accessing an NFS share on a remote machine ordinarily has *fewer* privileges, 
and even world write doesn't allow remote root write.  This is by design; as 
otherwise, a local privilege escalation on one machine can lead to a whole-
network privilege escalation.

(By the way, you should have permissions 666 for a callfile, not 777.  Callfiles 
should not be executable.)

You could either recompile all the NFS stuff  (not really recommended);  or 
have the callfile generated and re-timed by a CGI script on the remote machine  
(where /var/spool/asterisk/outgoing actually is),  fired off by `wget` on the 
local machine.

-- 
AJS

Answers come *after* questions.



More information about the asterisk-users mailing list