[asterisk-users] call file and NFS server
A J Stiles
asterisk_list at earthshod.co.uk
Fri Jul 6 07:03:39 CDT 2012
On Friday 06 July 2012, Chandrakant Solanki wrote:
> I have 3 server, 2 running with asterisk and another one generate call
> files say some directory callfile/serverA and callfile/serverB (NFS
> Sharing) and mounted this directory to respectively on Server A (Asterisk)
> and Server B(Asterisk) on /var/spool/asterisk/outgoing.
>
> Server A has Asterisk 1.8.0-rc2 and Server B has asterisk version 1.8.9.0,
> and both asterisk compile ./configure --without-inotify
>
> Callfile will execute call successfully on both machine, but got the
> following problem
>
> *[Jul 6 16:15:04] WARNING[26921]: pbx_spool.c:278 safe_append: Unable to
> set utime on /var/spool/asterisk/outgoing/1000000005.call: Operation not
> permitted
> *
> I have set the folder (callfile/Server{A/B}) permission to 777 as well as
> call file permission to 777.
The problem is that root on one machine doesn't have full root access to other
users' files on NFS shares. A user logged in as root on a local machine and
accessing an NFS share on a remote machine ordinarily has *fewer* privileges,
and even world write doesn't allow remote root write. This is by design; as
otherwise, a local privilege escalation on one machine can lead to a whole-
network privilege escalation.
(By the way, you should have permissions 666 for a callfile, not 777. Callfiles
should not be executable.)
You could either recompile all the NFS stuff (not really recommended); or
have the callfile generated and re-timed by a CGI script on the remote machine
(where /var/spool/asterisk/outgoing actually is), fired off by `wget` on the
local machine.
--
AJS
Answers come *after* questions.
More information about the asterisk-users
mailing list