On Tuesday 07 October 2003 01:23, Olle E. Johansson wrote:
> Tilghman Lesher wrote:
> > On Monday 06 October 2003 05:13 pm, Carlton J. O'Riley wrote:
> >>Are there any plans to incorporate the running of Asterisk as a
> >>non-root user into the current CVS? There is nothing in Asterisk
> >>that requires root access as far as I know and this would solve the
> >>vmail.cgi script permissions problem.
> >
> > Here's a reason why it might need to run as root:
> > bash# ls -l /dev/zap/ctl
> > crw-r--r-- 1 root root 196, 0 Oct 6 13:15 /dev/zap/ctl
>
> We need to open some ports for listening as root, but after that we
> can change user ID the way other daemons do.

None of the ports are below 1024, so root access is not needed to bind them.

> Tilghman, can we handle this ctl device as another user after we
> opened it?

Check with Mark. Also, note that there's no guarantee that some kernel developer might think this is a bad idea (read: security hole) and disallow it in some future version.

> I agree that it would be good to have Asterisk running with another
> user ID.

If you're that concerned about it, why not use the NSA kernel with ACLs? It would probably be even better served if you worked to secure the entire execution environment (e.g. chroot, ACLs, etc.) instead of just changing the uid.

-Tilghman

_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
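
The pattern raised in this thread (open the root-only device first, then change user ID the way other daemons do), as an added example that is not part of the original messages and is not Asterisk's code. The function names and the `asterisk` account are assumptions; `/dev/zap/ctl` is the device quoted above.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups and gid must change while still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify real and effective ids changed and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open path with the current (root) rights, then drop; the fd stays usable. */
int open_then_drop(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;
    if (drop_privileges(uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Hypothetical defaults: the device from the thread and an "asterisk" account. */
    const char *path = argc > 1 ? argv[1] : "/dev/zap/ctl";
    struct passwd *pw = getpwnam(argc > 2 ? argv[2] : "asterisk");
    if (pw == NULL) { fprintf(stderr, "unknown user\n"); return 1; }
    int fd = open_then_drop(path, pw->pw_uid, pw->pw_gid);
    if (fd < 0) { perror("open_then_drop"); return 1; }
    printf("fd %d open, now uid=%d gid=%d\n", fd, (int)getuid(), (int)getgid());
    return 0;
}
```

Permission checks happen at `open()` time, so the descriptor keeps working after the drop, while any later `open()` of the same path is checked against the new uid. Every root-only resource therefore has to be opened before `drop_privileges()` runs.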
