[asterisk-users] CAP_FOWNER=ep for asterisk
Raimund Sacherer
rs at runsolutions.com
Thu Aug 20 02:26:25 CDT 2009
On Aug 19, 2009, at 5:43 PM, Tilghman Lesher wrote:
> On Wednesday 19 August 2009 05:54:32 Raimund Sacherer wrote:
>> I need CAP_FOWNER=ep for the asterisk process, i set it with setcap
>> on
>> the file /usr/sbin/asterisk, it's there when i look on it with
>> getcap,
>> but after starting and loocking with getpcaps there's only
>> cap_net_admin+ep set.
>>
>> So how exactly do I set CAP_FOWNER? Do I have to patch and recompile
>> or is there another solution I did not see yet?
>
> You'd need to patch and recompile. I really don't think this is
> really all
> that safe of a modification. Is there another way (such as through
> groups)
> that you can do what you want here?
Thanks, my problem is this:
We have a click2call solution which at first connected to asterisk via
the manager, but this created under some circumstances a blocking
situation where other apache processes which gather the state of the
agents blocked to and this got at times out of hand and lead ultimatly
to a deadlock (around 2 times a day at more worse days).
So i changed it to create call files.
Apache is running as www-data, asterisk as asterisk. So I put www-data
into the group asterisk.
Now apache can change the filegroup to asterisk, but not the file-
owner, which is required for asterisk to make utime file modifications.
I can prevent this giving asterisk the cap_fowner capability.
I do not like to use an external suid script or something else to
change the permissions, but I am very glad if someone has another
solution which does not involve any root things for this problem.
Best regards and thanks
Ray
>
> --
> Tilghman & Teryl
> with Peter, Cottontail, Midnight, Thumper, & Johnny (bunnies)
> and Harry, BB, & George (dogs)
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list