On Sun, Sep 17, 2006 at 10:40:16AM -0400, Steve Totaro wrote: > >you're right, one should proof, under which user asterisk runs... > >Besides security reasons, running asterisk as root, doesn't it allow a > >higher prioritization of asterisk processes?
This is why we let asterisk setuid itself to user asterisk, and don't let the wrappr script handle that. Asterisk sets scheduling priority before running setuid/setgid . > I can see a problem with security issues but is it a bad thing to allow > higher priority of the asterisk process? Not sure that it does anyways, > but I don't see how that is a bad thing? It can help the quality of Audio. On the downside, it means that a 100% CPU loop in asterisk is a pain to recover from. Security implications: if someone can inject you one line to the dialpan, they can (under the right circumstances) get your system stuck very badly . Unless you have a manager connection availble. -- Tzafrir Cohen sip:[EMAIL PROTECTED] icq#16849755 iax:[EMAIL PROTECTED] +972-50-7952406 jabber:[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.xorcom.com _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
