Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian
Cesar Benjamin Garcia Martinez
2008-May-06 00:18 UTC
[asterisk-users] Running Asterisk as root
Move to root: sudo -s type your passwd and as root: Edit the file /etc/init.d/asterisk And uncommet the two lines than sasys something like AST_USER="asterisk" AST_GROUP="asterisk" You need to create the user asterisk on your system. And create another symlink sh to bash: cd /bin rm -f sh ln -s bash sh Edit your /etc/asterisk/asterisk.conf and replace the line: astrundir => /var/run With: astrundir => /var/lib/asterisk/var/run Create that folder: mkdir -p /var/lib/asterisk/var/run and, chown to asterisk:asterisk the folders: /var/lib/asterisk/ /usr/lib/asterisk/ /var/log/asterisk/ chown -Rv asterisk:asterisk /var/lib/asterisk/ chown -Rv asterisk:asterisk /usr/lib/asterisk/ chown -Rv asterisk:asterisk /var/log/asterisk/ that's all Btw... delete the symlink sh -> dash into /bin Start daemon /etc/init.d/asterisk start -----Mensaje original----- De: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] En nombre de Christian Enviado el: Lunes, 05 de Mayo de 2008 07:00 p.m. Para: asterisk-users at lists.digium.com Asunto: [asterisk-users] Running Asterisk as root Hi all, I have seen discussions on this earlier on, but just want to hear some quick thoughts. I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. Everything is working fine. What do you think? Thanks, Christian _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users __________ NOD32 3076 (20080505) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com
On Mon, May 05, 2008 at 07:18:08PM -0500, Cesar Benjamin Garcia Martinez wrote:> Btw... delete the symlink sh -> dash into /binBAD!!!! THAT BREAKS THE SYSTEM (leaves it without /bin/sh, making half the scripts fail) -- Tzafrir Cohen icq#16849755 jabber:tzafrir.cohen at xorcom.com +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
In general, if your asterisk is accesible from the internet its much better to have it run as a non-root process. (My opinion is that this should be the default out-of-the-makefile ;) asterisk behaviour) This is the "norm" for more of the servers/services running on a linux system, and can act as a safety-net when things go bad Stelios S. Koroneos Digital OPSiS - Embedded Intelligence http://www.digital-opsis.com> -----Original Message----- > From: asterisk-users-bounces at lists.digium.com > [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of > Christian > Sent: Tuesday, May 06, 2008 3:00 AM > To: asterisk-users at lists.digium.com > Subject: [asterisk-users] Running Asterisk as root > > Hi all, > I have seen discussions on this earlier on, but just want to > hear some quick thoughts. > I am running v1.6 of Asterisk on my Ubuntu installation, I > did make config to make it run at boot. Since I've got a > firewall and don't have any other servers running I am not > worried. I have been htinking about running Asterisk as a > seperat user, but haven't done that yet. > Everything is working fine. > What do you think? > Thanks, > Christian > > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Christian wrote:> Hi all, > I have seen discussions on this earlier on, but just want to hear some quick thoughts. > I am running v1.6 of Asterisk on my Ubuntu installation, I did make config to make it run at boot. Since I've got a firewall and don't have any other servers running I am not worried. I have been htinking about running Asterisk as a seperat user, but haven't done that yet. > Everything is working fine. > What do you think? > Thanks, > Christian >I'd never run a server app as root. It is just asking for trouble IMHO. When I built asterisk on my little custom linux server I documented the process of setting up as a non-privileged process here. Most of the information originally came from the voip-info.org site: http://www.theopensourcerer.com/2007/10/30/untangle-asterisk-pbx-and-file-server-all-in-one-part-7/ Hope this helps. Al -- The way out is open! http://www.theopensourcerer.com