On Wed, Sep 14, 2005 at 07:28:06AM -0600, Joseph wrote: > On Wed, 2005-09-14 at 12:10 +0300, Tzafrir Cohen wrote: > > > > >I'm follows installation instruction from wiki and there is > > section > > > > >"Running Asterisk not as root" > > > > >It is not difficult to follow, but time taking. > > > > > > > > > >Why isn't this section implemented as in cvs if it is considered > > as > > > > >security issue? I'm sure it wouldn't take much time to write a > > small > > > > >script that would change all the file permission and ownership > > during > > > > >installation. > > > > That script needs to create a user. Or is it a group? With what name? > > That part needs to be run only once. > > > > Now you need to chown/chmod a bunch of directories. And also make sure > > asterisk is never run without -U . Or is it -G? Or both? Or is it the > > job of safe_asterisk to do that? > > > > No, this is the job of the installer/packager. Wanna prove me wrong? > > Please write that script. > > I've noticed that part is easy on Gentoo; emerge asterisk > will do all the work for you: Installing start-up script in /etc/init.d/ > configuration file in /etc/conf.d/ and add right urser, owner group. > So right after emerge, you can unmerge the portage version, compile from > cvs and change permission.
What you probably don't know is how long it took to debug that script. I also wonder if the same init.d script could be used on a Debian system and on a Gentoo system. Regarding owndership: On Debian by default only -U is used. -G is unnecessary as Asterisk gets all the default groups of the user passed with -U if there is no -G . (There was a small patch to do that in a response to a bug report asking for allowing multiple groups in -G). The group that owns the zaptel device files happens to be 'sounds' . It can not be 'asterisk' as there are some non-Asterisk users of zaptel. udev does not work out-of the box, and thus sadly has to be odcumented in README.Debian. -- Tzafrir Cohen icq#16849755 +972-50-7952406 [EMAIL PROTECTED] http://www.xorcom.com _______________________________________________ Asterisk-Dev mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-dev To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
