Re: [asterisk-users] Running Asterisk as root
In general, if your asterisk is accesible from the internet its much better to have it run as a non-root process. (My opinion is that this should be the default out-of-the-makefile ;) asterisk behaviour) This is the norm for more of the servers/services running on a linux system, and can act as a safety-net when things go bad Stelios S. Koroneos Digital OPSiS - Embedded Intelligence http://www.digital-opsis.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Sent: Tuesday, May 06, 2008 3:00 AM To: asterisk-users@lists.digium.com Subject: [asterisk-users] Running Asterisk as root Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
I totally agree. Someone filed a bugreport for this? Also asterisk init script should be installed by default too. I am going to give Cesar's instructions a try (sans removing /bin/sh) and hope it works! On Tue, May 6, 2008 at 3:24 AM, Stelios Koroneos [EMAIL PROTECTED] wrote: In general, if your asterisk is accesible from the internet its much better to have it run as a non-root process. (My opinion is that this should be the default out-of-the-makefile ;) asterisk behaviour) This is the norm for more of the servers/services running on a linux system, and can act as a safety-net when things go bad Stelios S. Koroneos Digital OPSiS - Embedded Intelligence http://www.digital-opsis.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Sent: Tuesday, May 06, 2008 3:00 AM To: asterisk-users@lists.digium.com Subject: [asterisk-users] Running Asterisk as root Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
Christian wrote: Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian I'd never run a server app as root. It is just asking for trouble IMHO. When I built asterisk on my little custom linux server I documented the process of setting up as a non-privileged process here. Most of the information originally came from the voip-info.org site: http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/ Hope this helps. Al -- The way out is open! http://www.theopensourcerer.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
On 2008-05-06 at 03:46 Tzafrir Cohen wrote: On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote: Move to root: sudo -s type your passwd and as root: Edit the file /etc/init.d/asterisk And uncommet the two lines than sasys something like AST_USER=asterisk AST_GROUP=asterisk You need to create the user asterisk on your system. And create another symlink sh to bash: cd /bin rm -f sh ln -s bash sh Why is that? Debian / Ubuntu policy is that a script that is not posix sh should use /bin/bash. Any script of Asterisk does not fit the policy and has not bit shot^Wfixed yet? The fix is to edit the ofending script: #!/bin/sh - #!/bin/bash Edit your /etc/asterisk/asterisk.conf and replace the line: astrundir = /var/run With: astrundir = /var/lib/asterisk/var/run /var/run/asterisk Everything under /var/run is deleted at boot with Ubuntu, so the init.d script should recreate that directory and give it proper permissions if it does not exist. (or use the one from the Asterisk package) Create that folder: mkdir -p /var/lib/asterisk/var/run /var/run/asterisk, as mentioned above. and it should be created in the init.d script . and, chown to asterisk:asterisk the folders: /var/lib/asterisk/ /usr/lib/asterisk/ No real need for /usr/lib/asterisk to be owned by Asterisk. It is read-only. /usr is read-only, as you recall. /var/log/asterisk/ chown -Rv asterisk:asterisk /var/lib/asterisk/ # chown -Rv asterisk:asterisk /usr/lib/asterisk/ chown -Rv asterisk:asterisk /var/log/asterisk/ that's all Btw... delete the symlink sh - dash into /bin NOT Start daemon /etc/init.d/asterisk start -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir So what instructions are correct? I don't want to do anything that might not work. Many thanks, Christian ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
Really not.. if only you delete sh, yes, but i say make a symlink from /bin/bash to /bin/sh Ubuntu 7.04 and above, comes with the shell dash as sh, ubuntu 6.06 comes with bash as sh, I got problems to start daemon, when sh points to dash.. safe_asterisk don's start... I read 1.4.19 don't need anymore safe_asterisk, but, what about if I need 1.2.x ? or 1.4.18 ? I talk for example if I use unicall for E1 (MFCR2) when I need that versions... someone do? Oh!!! Now understand... I forget it... when I say about delete sh... i forget say that is necessary, to create a symlink from /bin/bash to /bin/sh I'm so sorry :$ -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Tzafrir Cohen Enviado el: Lunes, 05 de Mayo de 2008 07:35 p.m. Para: asterisk-users@lists.digium.com Asunto: Re: [asterisk-users] Running Asterisk as root On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote: Btw... delete the symlink sh - dash into /bin BAD THAT BREAKS THE SYSTEM (leaves it without /bin/sh, making half the scripts fail) -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ NOD32 3078 (20080506) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
Hum. About the /var/run i do thats changes in the conf and the creation fo /var/run into /var/lib/asterisk becouse Works :P. Yes, Ubuntu cleans al into /var/run and that's my solution, I believe is possible touch something in daemon for do work fine but I consider more simple make 2 folders and modify one line Maybe, the init.d script works well if comes from official package, I never has installed asterisk from package, I prefer from sources. On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote: Move to root: sudo -s type your passwd and as root: Edit the file /etc/init.d/asterisk And uncommet the two lines than sasys something like AST_USER=asterisk AST_GROUP=asterisk You need to create the user asterisk on your system. And create another symlink sh to bash: cd /bin rm -f sh ln -s bash sh Why is that? Debian / Ubuntu policy is that a script that is not posix sh should use /bin/bash. Any script of Asterisk does not fit the policy and has not bit shot^Wfixed yet? The fix is to edit the ofending script: #!/bin/sh - #!/bin/bash Edit your /etc/asterisk/asterisk.conf and replace the line: astrundir = /var/run With: astrundir = /var/lib/asterisk/var/run /var/run/asterisk Everything under /var/run is deleted at boot with Ubuntu, so the init.d script should recreate that directory and give it proper permissions if it does not exist. (or use the one from the Asterisk package) Create that folder: mkdir -p /var/lib/asterisk/var/run /var/run/asterisk, as mentioned above. and it should be created in the init.d script . and, chown to asterisk:asterisk the folders: /var/lib/asterisk/ /usr/lib/asterisk/ No real need for /usr/lib/asterisk to be owned by Asterisk. It is read-only. /usr is read-only, as you recall. /var/log/asterisk/ chown -Rv asterisk:asterisk /var/lib/asterisk/ # chown -Rv asterisk:asterisk /usr/lib/asterisk/ chown -Rv asterisk:asterisk /var/log/asterisk/ that's all Btw... delete the symlink sh - dash into /bin NOT Start daemon /etc/init.d/asterisk start -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ NOD32 3078 (20080506) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Running Asterisk as root
Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
Move to root: sudo -s type your passwd and as root: Edit the file /etc/init.d/asterisk And uncommet the two lines than sasys something like AST_USER=asterisk AST_GROUP=asterisk You need to create the user asterisk on your system. And create another symlink sh to bash: cd /bin rm -f sh ln -s bash sh Edit your /etc/asterisk/asterisk.conf and replace the line: astrundir = /var/run With: astrundir = /var/lib/asterisk/var/run Create that folder: mkdir -p /var/lib/asterisk/var/run and, chown to asterisk:asterisk the folders: /var/lib/asterisk/ /usr/lib/asterisk/ /var/log/asterisk/ chown -Rv asterisk:asterisk /var/lib/asterisk/ chown -Rv asterisk:asterisk /usr/lib/asterisk/ chown -Rv asterisk:asterisk /var/log/asterisk/ that's all Btw... delete the symlink sh - dash into /bin Start daemon /etc/init.d/asterisk start -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Christian Enviado el: Lunes, 05 de Mayo de 2008 07:00 p.m. Para: asterisk-users@lists.digium.com Asunto: [asterisk-users] Running Asterisk as root Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ NOD32 3076 (20080505) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
Hum, sorry, i guess y type wrong about chowns, this is the right: chown -Rv asterisk:asterisk /var/lib/asterisk/ chown -Rv asterisk:asterisk /usr/lib/asterisk/ chown -Rv asterisk:asterisk /var/log/asterisk/ -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Cesar Benjamin Garcia Martinez Enviado el: Lunes, 05 de Mayo de 2008 07:18 p.m. Para: 'Asterisk Users Mailing List - Non-Commercial Discussion' Asunto: Re: [asterisk-users] Running Asterisk as root Move to root: sudo -s type your passwd and as root: Edit the file /etc/init.d/asterisk And uncommet the two lines than sasys something like AST_USER=asterisk AST_GROUP=asterisk You need to create the user asterisk on your system. And create another symlink sh to bash: cd /bin rm -f sh ln -s bash sh Edit your /etc/asterisk/asterisk.conf and replace the line: astrundir = /var/run With: astrundir = /var/lib/asterisk/var/run Create that folder: mkdir -p /var/lib/asterisk/var/run and, chown to asterisk:asterisk the folders: /var/lib/asterisk/ /usr/lib/asterisk/ /var/log/asterisk/ chown -Rv asterisk:asterisk /var/lib/asterisk/ chown -Rv asterisk:asterisk /usr/lib/asterisk/ chown -Rv asterisk:asterisk /var/log/asterisk/ that's all Btw... delete the symlink sh - dash into /bin Start daemon /etc/init.d/asterisk start -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Christian Enviado el: Lunes, 05 de Mayo de 2008 07:00 p.m. Para: asterisk-users@lists.digium.com Asunto: [asterisk-users] Running Asterisk as root Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ NOD32 3076 (20080505) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __ NOD32 3076 (20080505) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Running Asterisk as root
On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote: Btw... delete the symlink sh - dash into /bin BAD THAT BREAKS THE SYSTEM (leaves it without /bin/sh, making half the scripts fail) -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] running asterisk under root
On Thu, 29 Jan 2004, Dmitry Mishchenko wrote: All example of installing Asterisk shows running it under root user. Why is that? Can it be run under regular non-privileged user account. Sure - with the right permission tweaking. I made a group telephony. Had to fiddle with permissons and set group to telephony for stuff like /etc/asterisk /var/log/asterisk. And in my case /dev/capi20 etc. Steve ___ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users