On Thu, May 15, 2008 at 06:17:12PM +1000, Lee, John (Sydney) wrote: > > I was following the instruction on > http://www.voip-info.org/wiki-Asterisk+non-root to re-install my > Asterisk as non-root when I had the following questions/issues:
For those wondering what the fuss is all about, look at: He was actually refering to: http://www.voip-info.org/wiki/page_history.php?page_id=745&preview=40 > > > 1) " Use your system's preferred method of adding a new user. Examples: > Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060 > asterisk" > ###Why did we have to choose uid as 5060? > ###In fact, do you need to specify the uid at all? Right. No need. > > > 2) "Edit your Asterisk config file (/etc/asterisk/asterisk.conf): > astrundir => /var/run/asterisk > Recompile and reinstall Asterisk." > ### Seems a bit strange to modify this before you recompile. > ### As it turns out, the reinstall did not change the astrundir variable > ### You have to manually modify it if this modification is actually > required. This was not written clearly. I put there a separate case for Asterisk >= 1.4 . Did it require a rebuild on 1.2 ? TODO: update on the vanishing /var/run/asterisk at boot on a certain distribution . > > 3) "Also, make note that if you're running udev on your system > (linux-2.6), the /dev directory is dynamically populated with device > nodes, meaning that any permissions you set on /dev/zap will be lost on > your next reboot, and you may get a nasty message such as "Asterisk > ended with exit status 1" > when trying to start asterisk. Read the file > /path/to/zaptel-src-1.2.x/README.udev for instructions on how to change > the user/group assigned to /dev/zap. " > ### There is actually no README.udev file in zaptel source. > ### Do I need to worry about this if "uname -r" returns 2.6.18-8.el5 > ### What actually is udev? I see that this is not docuemnted anywhere, actually . Zaptel now (as of around 1.4.8, I believe) creates udev rules that set the userame of the device to Asterisk. Some distributions (Gentoo and Debian) replace that with a rule that sets the group to "dialout" (hence the need to add Asterisk to the group 'dialout'). > > > 4) "Asterisk needs read permission for these directories and their > contents: > /etc/asterisk. > chown --recursive root:asterisk /etc/asterisk" > ### root is not in group asterisk root can read/write everything anyway, regardless of ownership. > ### All the while, the instruction has been saying to create a user > asterisk > ### under group asterisk. > ### Does it mean to put root into group asterisk as well??? > ### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk" > ? You can. But it will simply be pointless. > > > 5) Another article says that running as non-root will prevent ToS being > used. > What is ToS? Do I need to be concerned? Anybody wants to write something about this? I recall a change in that area in recent Asterisk 1.4-s . Does Asterisk actually break with SELinux enabled? Why? -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
