On Mon, Nov 19, 2007 at 08:51:21AM -0800, Robert McNaught wrote: > Hi, > > I have set up asterisk to run as non root, and allow admin users to log > in to the server as asterisk, which gives them privileges to edit > configs in the asterisk home directory.
The daemon runs as the user asterisk. There is no reason why the admin should run as the user asterisk. > > As for connecting to the console with 'asterisk -r' - this by default > does not work as asterisk is owned stored in /usr/sbin/asterisk > > I am reading that the best way to solve this is to use 'visudo' - I > added this:- > > asterisk ALL=/usr/sbin/asterisk -r NOPASSWD: ALL This is totally unrequired. You just need to set proper permissions for the socket /var/run/asterisk/asterisk.ctl . This is done in asterisk.conf - [files] ;astctlpermissions = 0660 ;astctlowner = root astctlgroup = asterisk ;astctl = asterisk.ctl http://svn.digium.com/svn/asterisk/branches/1.4/doc/asterisk-conf.txt > asterisk ALL=/usr/sbin/safe_asterisk NOPASSWD: ALL Why would Asterisk need to run safe_asterisk? With an arbitrary parameter? You may want to permit some administrator to do that, but not the asterisk daemon. This probably opens the door to priviliges escalations. -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
