> On Jan. 1, 2014, 1:41 a.m., Matt Jordan wrote:
> > /trunk/contrib/asterisk.service, line 12
> > <https://reviewboard.asterisk.org/r/3062/diff/2/?file=49947#file49947line12>
> >
> > Looking at how safe_asterisk spawns Asterisk, I'm not sure specifying
> > an explicit run user is appropriate here. There's no guarantee that there's
> > a user named "Asterisk" on the system.
>
> Tzafrir Cohen wrote:
> Two answers here:
>
> 1. I guess that the stock systemd answer would be: "run asterisk as the
> user asterisk. That way, the username and/or group name could be overridden in
> /etc/systemd/system/asterisk.service".
>
> I remember we have some good reasons to let Asterisk drop privileges on
> its own. But let's try to reconsider them?
>
> 2. So, maybe we should have asterisk_wrapper (any better name?) that will
>
> * Test for the requirements (perhaps as a subcommand for a Pre script?)
> * Set up system-dependent settings
> * Start asterisk a single time.
> * Handle failures.
>
> I also considered this previously because safe_asterisk makes it very
> simple to override the asterisk binary to a local live_ast copy by dropping a
> single file in /etc/asterisk/startup.d (with a single line that may, or may
> not, be remmed-out).
>
> Tzafrir Cohen wrote:
> I looked into running Asterisk as non-root. But I can't find a way to get
> systemd to generate /var/run/asterisk as a writable directory to the service.
> It can be done by a Pre script. But the Pre script has to be configured with
> the username. So I think that a single wrapper script is the best option.

As others pointed out, this can be handled by tmpfiles.

BTW: safe_asterisk still creates the AST_RUN_DIR, which is, by now, pointless.

So, what other things does asterisk need root for?

* Setting a high scheduling priority
* prctl(PR_SET_KEEPCAPS, 1

- Tzafrir

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/3062/#review10499
-----------------------------------------------------------

On Dec. 24, 2013, 4:49 p.m., Tzafrir Cohen wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/3062/
> -----------------------------------------------------------
>
> (Updated Dec. 24, 2013, 4:49 p.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Installs a systemd service file for Asterisk.
>
> Systemd is the new "one daemon to rule them all" for Linux:
> http://www.freedesktop.org/wiki/Software/systemd/
> On systems without systemd this should be just a harmless (though maybe
> annoying) text file.
>
> This is aimed at replacing safe_asterisk with a more reliable main loop. It
> almost does that. It still fails to handle failures, as it seems that
> systemd's ExecPostStop command does not get the exit status of the stopped
> command.
>
>
> Diffs
> -----
>
> /trunk/contrib/asterisk.service PRE-CREATION
> /trunk/Makefile 404563
>
> Diff: https://reviewboard.asterisk.org/r/3062/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Tzafrir Cohen
>
>
