[asterisk-users] Newbie Asterisk: Install Asterisk as non-root
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Thu May 15 05:30:09 CDT 2008
On Thu, May 15, 2008 at 06:17:12PM +1000, Lee, John (Sydney) wrote:
>
> I was following the instruction on
> http://www.voip-info.org/wiki-Asterisk+non-root to re-install my
> Asterisk as non-root when I had the following questions/issues:
For those wondering what the fuss is all about, look at:
He was actually refering to:
http://www.voip-info.org/wiki/page_history.php?page_id=745&preview=40
>
>
> 1) " Use your system's preferred method of adding a new user. Examples:
> Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060
> asterisk"
> ###Why did we have to choose uid as 5060?
> ###In fact, do you need to specify the uid at all?
Right. No need.
>
>
> 2) "Edit your Asterisk config file (/etc/asterisk/asterisk.conf):
> astrundir => /var/run/asterisk
> Recompile and reinstall Asterisk."
> ### Seems a bit strange to modify this before you recompile.
> ### As it turns out, the reinstall did not change the astrundir variable
> ### You have to manually modify it if this modification is actually
> required.
This was not written clearly. I put there a separate case for Asterisk
>= 1.4 . Did it require a rebuild on 1.2 ?
TODO: update on the vanishing /var/run/asterisk at boot on a certain
distribution .
>
> 3) "Also, make note that if you're running udev on your system
> (linux-2.6), the /dev directory is dynamically populated with device
> nodes, meaning that any permissions you set on /dev/zap will be lost on
> your next reboot, and you may get a nasty message such as "Asterisk
> ended with exit status 1"
> when trying to start asterisk. Read the file
> /path/to/zaptel-src-1.2.x/README.udev for instructions on how to change
> the user/group assigned to /dev/zap. "
> ### There is actually no README.udev file in zaptel source.
> ### Do I need to worry about this if "uname -r" returns 2.6.18-8.el5
> ### What actually is udev?
I see that this is not docuemnted anywhere, actually . Zaptel now (as of
around 1.4.8, I believe) creates udev rules that set the userame of the
device to Asterisk.
Some distributions (Gentoo and Debian) replace that with a rule that
sets the group to "dialout" (hence the need to add Asterisk to the group
'dialout').
>
>
> 4) "Asterisk needs read permission for these directories and their
> contents:
> /etc/asterisk.
> chown --recursive root:asterisk /etc/asterisk"
> ### root is not in group asterisk
root can read/write everything anyway, regardless of ownership.
> ### All the while, the instruction has been saying to create a user
> asterisk
> ### under group asterisk.
> ### Does it mean to put root into group asterisk as well???
> ### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk"
> ?
You can. But it will simply be pointless.
>
>
> 5) Another article says that running as non-root will prevent ToS being
> used.
> What is ToS? Do I need to be concerned?
Anybody wants to write something about this?
I recall a change in that area in recent Asterisk 1.4-s .
Does Asterisk actually break with SELinux enabled? Why?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list