[asterisk-users] asterisk as non-root/best practices

Tzafrir Cohen tzafrir.cohen at xorcom.com
Wed Nov 21 13:51:53 CST 2007


On Wed, Nov 21, 2007 at 09:37:50AM -0800, Robert McNaught wrote:
> Thanks Tzafrir, I took the stuff out of visudo - it turns out the only
> way I could get this working was to create a symbolic link -
> /usr/bin/asterisk to point to /home/asterisk .....asterisk  - using
> the link created in /usr/sbin/ would not work for 'asterisk -r'
> 
> It seems that all commands in /usr/sbin/. were unexecutable by user
> 'asterisk' or 'admin' - I think that this is to do with the fact that
> the sbin directory is only designed for root executable files.
> 
> What is your recommendation on having an admin user be able to edit
> configs without using the same username as the asterisk daemon - would
> you create a group 'asterisk' and have users 'admin' and 'asterisk' as
> part of that group - If the system was compiled to run as asterisk,
> then the owner for the config files are all stored in the
> /home/asterisk/ subdirectory and are owned by 'asterisk'.

Asterisk needs to be able to read those files. Not necessarily to write
them

You can also permit the admin user to write to the relevant config files
using group ownership and permissions.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir



More information about the asterisk-users mailing list