Being fairly retentive about security and a long time admin of Solaris and Linux machines, I find the default behaviour of * running as root troubling. Forgive the potential offense but I don't trust *anyone* (including myself unless I have to) with root access. If * is to become a product for the world of system admins to manage and monitor, it needs to have this problem addressed.
It seems to me that given proper permissions in the installer for the files and devices (as Ryan suggested below), we may be able to achieve much of this rather painlessly. The TCP ports * listens on are all above 1024 I think so that's not an issue. What are the chances of seeing this in a 1.1 release?
Paul "Retentive Boy"
Paul,
This is well documented in the wiki and elsewhere. You can run asterisk as any user (preferably asterisk, obviously). All you really need to do is change ASTVARRUNDIR=/var/run/asterisk in the Makefile, recompile, change safe_asterisk (maybe /etc/init.d/asterisk) to use user asterisk and group asterisk. Then find something to change all the necessary permissions:
chown --recursive asterisk:asterisk /var/lib/asterisk chown --recursive asterisk:asterisk /var/log/asterisk chown --recursive asterisk:asterisk /var/run/asterisk chown --recursive asterisk:asterisk /var/spool/asterisk chown --recursive asterisk:asterisk /dev/zap chmod --recursive u=rwX,g=rX,o= /var/lib/asterisk chmod --recursive u=rwX,g=rX,o= /var/log/asterisk chmod --recursive u=rwX,g=rX,o= /var/run/asterisk chmod --recursive u=rwX,g=rX,o= /var/spool/asterisk chmod --recursive u=rwX,g=rX,o= /dev/zap
chown --recursive root:asterisk /etc/asterisk chmod --recursive u=rwX,g=rX,o= /etc/asterisk
-- Kristian Kielhofner _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
