Hi Kristian, It is great that this documentation is out there, and that * supports this. However I think in an ideal world this would be inherently supported by * and ideally setup via config file like with apache:
User www Group www Or some other equivalent method. My problem with the existing approach is that when things change I have to remember to modify my Makefile, and figure out what newly added files/directories need permission changes. That being said I'm no professional sysadmin so maybe I'm missing the boat here. - Justin On Wed, 20 Oct 2004, Kristian Kielhofner wrote: > Paul Dugas wrote: > > Being fairly retentive about security and a long time admin of Solaris and > > Linux machines, I find the default behaviour of * running as root > > troubling. Forgive the potential offense but I don't trust *anyone* > > (including myself unless I have to) with root access. If * is to become a > > product for the world of system admins to manage and monitor, it needs to > > have this problem addressed. > > > > It seems to me that given proper permissions in the installer for the > > files and devices (as Ryan suggested below), we may be able to achieve > > much of this rather painlessly. The TCP ports * listens on are all above > > 1024 I think so that's not an issue. What are the chances of seeing this > > in a 1.1 release? > > > > Paul > > "Retentive Boy" > > > > Paul, > > This is well documented in the wiki and elsewhere. You can run > asterisk as any user (preferably asterisk, obviously). All you really > need to do is change ASTVARRUNDIR=/var/run/asterisk in the Makefile, > recompile, change safe_asterisk (maybe /etc/init.d/asterisk) to use user > asterisk and group asterisk. Then find something to change all the > necessary permissions: > > chown --recursive asterisk:asterisk /var/lib/asterisk > chown --recursive asterisk:asterisk /var/log/asterisk > chown --recursive asterisk:asterisk /var/run/asterisk > chown --recursive asterisk:asterisk /var/spool/asterisk > chown --recursive asterisk:asterisk /dev/zap > chmod --recursive u=rwX,g=rX,o= /var/lib/asterisk > chmod --recursive u=rwX,g=rX,o= /var/log/asterisk > chmod --recursive u=rwX,g=rX,o= /var/run/asterisk > chmod --recursive u=rwX,g=rX,o= /var/spool/asterisk > chmod --recursive u=rwX,g=rX,o= /dev/zap > > chown --recursive root:asterisk /etc/asterisk > chmod --recursive u=rwX,g=rX,o= /etc/asterisk > > -- > Kristian Kielhofner > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
