[asterisk-users] Newbie Asterisk: Install Asterisk as non-root

Alan Lord alanslists at gmail.com
Thu May 15 05:12:12 CDT 2008


Lee, John (Sydney) wrote:
> I was following the instruction on
> http://www.voip-info.org/wiki-Asterisk+non-root to re-install my
> Asterisk as non-root when I had the following questions/issues:
> 
> 1) " Use your system's preferred method of adding a new user. Examples: 
> Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060
> asterisk"
> ###Why did we have to choose uid as 5060?  
> ###In fact, do you need to specify the uid at all?

Nope - the UID doesn't matter, but it is general practice to keep system 
(application) UIDs below 100 or 1000 and "normal" users above. So I'd 
use a number below 100 or 1000 depending on your Linux distro's standard.

> 
> 2) "Edit your Asterisk config file (/etc/asterisk/asterisk.conf): 
> astrundir => /var/run/asterisk 
> Recompile and reinstall Asterisk."
> ### Seems a bit strange to modify this before you recompile.
> ### As it turns out, the reinstall did not change the astrundir variable
> ### You have to manually modify it if this modification is actually
> required.
> 

That won't affect compilation whatsoever.

> 
> 3) "Also, make note that if you're running udev on your system
> (linux-2.6), the /dev directory is dynamically populated with device
> nodes, meaning that any permissions you set on /dev/zap will be lost on
> your next reboot, and you may get a nasty message such as "Asterisk
> ended with exit status 1" 
> when trying to start asterisk. Read the file
> /path/to/zaptel-src-1.2.x/README.udev for instructions on how to change
> the user/group assigned to /dev/zap. "
> ### There is actually no README.udev file in zaptel source.
> ### Do I need to worry about this if "uname -r" returns 2.6.18-8.el5
> ### What actually is udev?
> 

udev helps Linux to dynamically create/remove the interfaces to various 
hardware devices and so forth. After installing the zaptel module you'll 
see a udev rules file "zaptel.rules" in your etc/udev configuration 
area. It doesn't take a genius to work out if or how you need to change 
anything in that file...

> 4) "Asterisk needs read permission for these directories and their
> contents: 
> /etc/asterisk.
> chown --recursive root:asterisk /etc/asterisk"
> ### root is not in group asterisk
> ### All the while, the instruction has been saying to create a user
> asterisk
> ### under group asterisk.
> ### Does it mean to put root into group asterisk as well???
> ### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk"
> ?

There is reason behind this. It is possibly more secure to make the 
"owner" root and just allow group access by asterisk. Setting the files 
as above permits read/write only by the user root and read only by 
members of the group asterisk.

> 
> 5) Another article says that running as non-root will prevent ToS being
> used.
> What is ToS?  Do I need to be concerned?

http://en.wikipedia.org/wiki/Type_of_Service. Why you can't use this as 
non-root I do not understand...

> Any thoughts?
> 

I wrote up my solution for building and running asterisk as non-root 
here: 
http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/

I have read somewhere that voicemail.conf needs to be writeable by 
Asterisk so users can change their vmailbox passwords. I haven't 
confirmed this but I set voicemail.conf to be writeable by group 
asterisk just in case.

Hope this helps.

Al

-- 
The way out is open!
http://www.theopensourcerer.com
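
An added example, not part of the original message or of the wiki page it discusses: a POSIX shell check for the root:asterisk layout from point 4 that flags wrong ownership, any access for "other", and group write on anything except voicemail.conf. The function name, the finding labels and the modes it expects (640 for files, 750 for directories, 660 for voicemail.conf) are assumptions made for this example.

```shell
#!/bin/sh
# Audit a config tree against the "owner root, group asterisk" layout.
# Usage: audit_conf_dir DIR [OWNER] [GROUP] [GROUP_WRITABLE_FILE]
# Prints one finding per line and returns 1, or prints nothing and returns 0.
# OWNER and GROUP may be names or numeric IDs. Paths containing newlines
# are not handled.
audit_conf_dir() (
    dir=$1
    owner=${2:-root}
    group=${3:-asterisk}
    gw_ok=${4:-voicemail.conf}   # the one file allowed to be group-writable

    report=$(
        # Anything not owned by OWNER:GROUP breaks the model: the service
        # account should reach these files through group membership only.
        find "$dir" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNERSHIP %s\n' {} +

        # Config files carry credentials (SIP secrets, voicemail PINs), so
        # no read/write/execute bit for "other". Symlink modes are ignored.
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'WORLD_ACCESS %s\n' {} +

        # Group write lets the running daemon rewrite its own configuration;
        # a group-writable directory lets it replace files outright.
        find "$dir" ! -type l -perm -020 ! \( -type f -name "$gw_ok" \) \
            -exec printf 'GROUP_WRITE %s\n' {} +
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
)

# Example: audit_conf_dir /etc/asterisk root asterisk voicemail.conf
```
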