[asterisk-users] Group write permissions /etc/asterisk/.

Karl Fife karlfife at gmail.com
Tue Mar 6 15:44:29 CST 2012


It's not a question of whether the default directory permissions are
appropriate.  I agree with those.

What we're talking about here is what happens during updates to an existing
directory. I can't see any rationale for changing the group permissions.
If the group permissions differ from the installation defaults, it is
because the sysadmin needed them to be different in order to implement one
or more methods of extensibility / interoperability that make Asterisk so
powerful.

Absolutely, it would make sense for the installer to check to be sure it
has SUFFICIENT permissions to operate properly, but it is a huge leap of
faith to assume that it's appropriate to simply delete certain group
permissions.  Users only in the owner's group if they belong there, no??

The upshot is that ever since upgrading to 1.8 we have to re-re-re-reset
the group directory permissions to make things work, and that just seems
insane to me if that is a design choice, not a regression.

-Karl


On Mon, Mar 5, 2012 at 11:30 PM, Raj Mathur (राज माथुर) <
raju at linux-delhi.org> wrote:

> On Tuesday 06 Mar 2012, Jason Parker wrote:
> > I don't know if I would call it a bug since the switch to install was
> > intentional, but I wouldn't say it's necessarily expected either.  I
> > don't really have a strong opinion either way though.  If anything, I
> > might be inclined to argue that 750 (or 770) would be more
> > appropriate.
>
> Considering that (e.g.) sip.conf and iax.conf may contain passwords in
> clear-text, I'd agree that 770/750 for directories and 660/640 for files
> would be most appropriate.  The g+w bit needs to be set only on those
> directories/files that ought to be writable from within the Asterisk
> process itself.
>
> Regards,
>
> -- Raj
> --
> Raj Mathur                          || raju at kandalaya.org   || GPG:
> http://otheronepercent.blogspot.com || http://kandalaya.org || CC68
> It is the mind that moves           || http://schizoid.in   || D17F
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120306/157fafab/attachment.htm>


More information about the asterisk-users mailing list