[asterisk-users] call file and NFS server
Steve Edwards
asterisk.org at sedwards.com
Fri Jul 6 10:17:30 CDT 2012
> On Friday 06 July 2012, Chandrakant Solanki wrote:
>> I have set the folder (callfile/Server{A/B}) permission to 777 as well
>> as call file permission to 777.
On Fri, 6 Jul 2012, A J Stiles wrote:
> (By the way, you should have permissions 666 for a callfile, not 777.
> Callfiles should not be executable.)
Whenever I see 777 (or it's Satanic cousin, 666) I see 'I don't really
understand ownership and permissions so let's just allow everything and
hope for the best.'
Do you really intend to allow every user and exploited program to be able
to create call files? (And if you've done this, you've probably created
other holes in your system's security.)
While 'opening the flood gates' is (IMO) a valid temporary debugging
technique to identify the source of the problem, the directories and files
should be owned by the user executing Asterisk and permissions should
limit reading to only users and groups that need reading and limit writing
to only users and groups that need writing.
I don't have any need or experience with call files on my production
boxes, but I suspect a successful implementation would include NTP and
creating the call file in another directory on the shared device and then
moving the call file to the outgoing spool directory.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list