Lee, John (Sydney) wrote:
> I was following the instruction on
> http://www.voip-info.org/wiki-Asterisk+non-root to re-install my
> Asterisk as non-root when I had the following questions/issues:
>
> 1) " Use your system's preferred method of adding a new user. Examples:
> Red Hat: adduser -c "Asterisk PBX" -d /var/lib/asterisk -u 5060
> asterisk"
> ### Why did we have to choose uid as 5060?
> ### In fact, do you need to specify the uid at all?

Nope - the UID doesn't matter, but it is general practice to keep system (application) UIDs below 100 or 1000 and "normal" users above. So I'd use a number below 100 or 1000 depending on your Linux distro's standard.

> 2) "Edit your Asterisk config file (/etc/asterisk/asterisk.conf):
> astrundir => /var/run/asterisk
> Recompile and reinstall Asterisk."
> ### Seems a bit strange to modify this before you recompile.
> ### As it turns out, the reinstall did not change the astrundir variable
> ### You have to manually modify it if this modification is actually required.

That won't affect compilation whatsoever.

> 3) "Also, make note that if you're running udev on your system
> (linux-2.6), the /dev directory is dynamically populated with device
> nodes, meaning that any permissions you set on /dev/zap will be lost on
> your next reboot, and you may get a nasty message such as "Asterisk
> ended with exit status 1"
> when trying to start asterisk. Read the file
> /path/to/zaptel-src-1.2.x/README.udev for instructions on how to change
> the user/group assigned to /dev/zap. "
> ### There is actually no README.udev file in zaptel source.
> ### Do I need to worry about this if "uname -r" returns 2.6.18-8.el5
> ### What actually is udev?

udev helps Linux to dynamically create/remove the interfaces to various hardware devices and so forth. After installing the zaptel module you'll see a udev rules file "zaptel.rules" in your etc/udev configuration area. It doesn't take a genius to work out if or how you need to change anything in that file...

> 4) "Asterisk needs read permission for these directories and their
> contents:
> /etc/asterisk.
> chown --recursive root:asterisk /etc/asterisk"
> ### root is not in group asterisk
> ### All the while, the instruction has been saying to create a user asterisk
> ### under group asterisk.
> ### Does it mean to put root into group asterisk as well???
> ### Or should it be "chown --recursive asterisk:asterisk /etc/asterisk" ?

There is reason behind this. It is possibly more secure to make the "owner" root and just allow group access by asterisk. Setting the files as above permits read/write only by the user root and read only by members of the group asterisk.

> 5) Another article says that running as non-root will prevent ToS being
> used.
> What is ToS? Do I need to be concerned?

http://en.wikipedia.org/wiki/Type_of_Service. Why you can't use this as non-root I do not understand...

> Any thoughts?

I wrote up my solution for building and running asterisk as non-root here:
http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/

I have read somewhere that voicemail.conf needs to be writeable by Asterisk so users can change their vmailbox passwords. I haven't confirmed this but I set voicemail.conf to be writeable by group asterisk just in case.

Hope this helps.

Al
--
The way out is open!
http://www.theopensourcerer.com
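
The ownership scheme discussed in the reply above (owner root, group asterisk, group read-only, voicemail.conf group-writable) can be checked with a small audit script. This is an added example, not part of the original message; the function name `audit_conf_dir` and its argument order are hypothetical, and it assumes GNU find/stat and file names without newlines.

```shell
#!/bin/sh
# Added example: audit a config tree against the scheme from the thread:
# fixed owner and group, no access for "other", group can read everything,
# and group write only on explicitly named files (e.g. voicemail.conf).

# audit_conf_dir DIR OWNER GROUP [GROUP_WRITABLE_BASENAME...]
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_conf_dir() (
    dir=$1 owner=$2 group=$3
    shift 3
    allowed=" $* "
    report=$(
        find "$dir" \( -type f -o -type d \) -exec stat -c '%U %G %a %n' {} + |
        while read -r u g mode path; do
            perm=$((0$mode))            # leading 0: parse mode as octal
            need=$((040))               # files: group read
            if [ -d "$path" ]; then need=$((050)); fi   # dirs: read + search
            if [ "$u" != "$owner" ] || [ "$g" != "$group" ]; then
                echo "OWNER  $path is $u:$g, want $owner:$group"
            fi
            if [ $((perm & 007)) -ne 0 ]; then
                echo "WORLD  $path mode $mode grants access to other"
            fi
            if [ $((perm & need)) -ne "$need" ]; then
                echo "GREAD  $path mode $mode: group cannot read it"
            fi
            if [ $((perm & 020)) -ne 0 ]; then
                case "$allowed" in      # exempt only listed regular files
                    *" ${path##*/} "*) [ -f "$path" ] && continue ;;
                esac
                echo "GWRITE $path mode $mode is group-writable"
            fi
        done
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    [ -z "$report" ]
)
```

For the layout in the thread the call would be `audit_conf_dir /etc/asterisk root asterisk voicemail.conf`; any output line names a file that deviates from it.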