[Asterisk-Users] Asterisk & sudo from httpd

Robert Hajime Lanning lanning+asterisk at monsoonwind.com
Sun Sep 5 16:38:29 MST 2004 

Do not use "sudo -u apache", that switches to the apache user and
runs the command "/usr/sbin/asterisk -rx "show version"".

The asterisk command needs to be run as root, so your PHP script
would exec "sudo /usr/sbin/asterisk -rx "show version"".

<quote who="Roland Zagler">
> Hello!
>
> I want to use "asterisk -rx "show version"" from a php script called
> in
> the browser using the local apache, which runs as user "apache".
> Asterisk is running as root.
>
> I added the following line to /etc/sudoers using visudo:
>
>      apache    ALL = NOPASSWD: /usr/sbin/asterisk
>
> When i am on the command line of my linux box it looks like this:
>
> --------------------------------------------------------
> # sudo /usr/sbin/asterisk -rx "show version"
>
> Asterisk 1.0-RC2 built by root at zrlin01.laureen.at on a i686 running
> Linux
>
> # sudo -u apache /usr/sbin/asterisk -rx "show version"
>
> Unable to connect to remote asterisk
> --------------------------------------------------------
>
> "strace" showed me that there is an access problem with
> "/var/run/asterisk.ctl":
>
> --------------------------------------------------------
> munmap(0xbf334000, 4096)                = 0
> socket(PF_FILE, SOCK_STREAM, 0)         = 3
> connect(3, {sa_family=AF_FILE, path="/var/run/asterisk.ctl"}, 110) =
> -1
> EACCES (Permission denied)
> close(3)                                = 0
> time([1094419366])                      = 1094419366
> fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xbf334000
> write(1, "Unable to connect to remote aste"..., 37) = 37
> munmap(0xbf334000, 4096)                = 0
> exit_group(1)                           = ?
> --------------------------------------------------------
>
> System description:
> Fedora Core 1
> Kernel 2.4.22
> Sudo 1.6.7p5
> Apache httpd 2.0.50
> Asterisk 1.0-RC2
>
> Can anyone please help?
>
> Thank you in advance!
>
>
> Roland Zagler
> mailto:r.zagler at fog.at
> @fog smart partners
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>


-- 
END OF LINE
       -MCP

More information about the asterisk-users mailing list