[asterisk-users] DeadAgi
Steve Edwards
asterisk.org at sedwards.com
Fri Sep 18 11:55:56 CDT 2009
>> On Thu, 17 Sep 2009, Anahi Ludue?a wrote:
>>
>>> Thanks for the answers! The file didn't have the first line!
>>> #!/usr/bin/php
> Steve Edwards wrote:
>> Glad you found the answer. However...
>>
>>> The command ls -l returns:
>>>
>>> -rwxrwxrwx 1 root root 140 Sep 17 15:42 finconf.php
>>
>> Having an executable with 777 permissions is a very bad idea. Think
>> about somebody (or some program) executing something like:
>>
>> echo "rm -f -r /whatever-they-want" \
>>> /var/lib/asterisk/agi-bin/finconf.php
On Fri, 18 Sep 2009, Ishfaq Malik wrote:
> Agreeing with the above here, really you want the script owned by
> asterisk.asterisk and permissions of 0755
If the file has the permissions set to 755, the ownership is irrelevant to
the execution.
755 (-rwxr-xr-x) means:
1) 7 (rwx) -- read, write, and execute by the user that owns the file,
2) 5 (r-x) -- read and execute by members of the group that owns the file,
3) 5 (r-x) -- read and execute by users not in the group that owns the
file.
Thus, anybody can execute the AGI.
You could have the permission set to 500 (-r-x------) meaning only the
owner can read (which is a prerequisite to execute) and execute the file,
assuming that the user executing Asterisk is the owner of the file.
You could even have the permission set to 1 (---------x) if you execute
Asterisk as root.
Personally, since I am usually the "lone developer and admin," I set the
ownership of /var/lib/asterisk/ and below to my username so I don't have
to use sudo every time I update an AGI or a sound file. I set the
permissions of the AGIs to 755 so the user running Asterisk can execute
them as well.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list