<html><body>
<DIV>Thanks everyone it is working now.</DIV>
<DIV> </DIV>
<BLOCKQUOTE style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">-------------- Original message -------------- <BR>From: Tzafrir Cohen <tzafrir.cohen@xorcom.com> <BR><BR>> On Sun, Sep 17, 2006 at 10:40:16AM -0400, Steve Totaro wrote: <BR>> <BR>> > >you're right, one should proof, under which user asterisk runs... <BR>> > >Besides security reasons, running asterisk as root, doesn't it allow a <BR>> > >higher prioritization of asterisk processes? <BR>> <BR>> This is why we let asterisk setuid itself to user asterisk, and don't <BR>> let the wrappr script handle that. Asterisk sets scheduling priority <BR>> before running setuid/setgid . <BR>> <BR>> > I can see a problem with security issues but is it a bad thing to allow <BR>> > higher priority of the asterisk process? Not sure that it does anyways, <BR>> > but I don't see how that is a bad thing? <BR>> <BR>> It can help the quality
of Audio. On the downside, it means that a 100% <BR>> CPU loop in asterisk is a pain to recover from. Security implications: <BR>> if someone can inject you one line to the dialpan, they can (under the <BR>> right circumstances) get your system stuck very badly . Unless you have <BR>> a manager connection availble. <BR>> <BR>> -- <BR>> Tzafrir Cohen sip:tzafrir@local.xorcom.com <BR>> icq#16849755 iax:tzafrir@local.xorcom.com <BR>> +972-50-7952406 jabber:tzafrir@jabber.org <BR>> tzafrir.cohen@xorcom.com http://www.xorcom.com <BR>> _______________________________________________ <BR>> --Bandwidth and Colocation provided by Easynews.com -- <BR>> <BR>> asterisk-users mailing list <BR>> To UNSUBSCRIBE or update options visit: <BR>> http://lists.digium.com/mailman/listinfo/asterisk-users </BLOCKQUOTE></body></html>