Are there no permissions issues that will ever come up by running Asterisk as a non-root user?
My Asterisk server is a dedicated/closed system, only I have access to ssh into it. It's also behind an external firewall that only allows certain udp ports through from the world. And ssh from my specific static IP. So I tried my best to keep the security tight. But if there's no performance impact or any permission downsides to running Asterisk as non-root, I'm game. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Krueger Sent: Wednesday, October 20, 2004 11:35 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Vmail.cgi Bahhh!! > asterisk records the files to the filesystem with root permissions, > which > a properly configured apache installation doesn't have access too. Actually, it should only record the files with root permissions if asterisk itself is running as root. Which you shouldnt be doing in the first place, serious security problem if asterisk gets a few exploitable vulnerabilities. And even if you go about chmodding in a cron job, you shouldnt chmod it 777, it should at least be 770 with the same group as apache. Try running asterisk as a regular user, thats in the same group as apache. Then it should create the files so they are readable by apache, but retain write permissions for asterisk. ---------------------------------- Josh Krueger Urban Communications http://www.urbancom.net/ _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
