hello there. i am running debian 8 in my swerver and i would like to run asterisk as non root. i did follow the https://www.voip-info.org/wiki-Asterisk+non-root without any success. when i issue root at PBX: ~ $ asterisk -U asterisk -G asterisk Privilege escalation protection disabled! See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. Unable to access the running directory (Permission denied). Changing to '/' for compatibility. Asterisk already running on /var/run/asterisk/asterisk.ctl. Use 'asterisk -r' to connect. root at PBX: ~ $ any ideas on how to fix that please? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170419/c198c1e6/attachment.html>
On Wednesday 19 April 2017 at 15:44:39, Atux Atux wrote:> hello there. i am running debian 8 in my swerver and i would like to run > asterisk as non root. i did follow the > https://www.voip-info.org/wiki-Asterisk+non-root without any success.Did you do the very first step: /etc/init.d/asterisk stop ?> when i issue > root at PBX: ~ $ asterisk -U asterisk -G asterisk > Privilege escalation protection disabled! > See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. > Unable to access the running directory (Permission denied).Did you do all the "chown" and "chmod" commands listed in those guidelines?> Changing to '/' for compatibility. > Asterisk already running on /var/run/asterisk/asterisk.ctl. Use 'asterisk > -r' to connect.Er, you can't change to running as non-root without stopping the existing (started by root) service first...> root at PBX: ~ $ > > any ideas on how to fix that please?Show us the output of: # find / -name asterisk -exec ls -ld '{}' \; Antony. -- All matter in the Universe can be placed into one of two categories: 1. Things which need to be fixed. 2. Things which need to be fixed once you've had a few minutes to play with them. Please reply to the list; please *don't* CC me.
On Wed, Apr 19, 2017 at 04:44:39PM +0300, Atux Atux wrote:> hello there. i am running debian 8 in my swerver and i would like to run > asterisk as non root.The Asterisk package included with Debian already does that. Why not have a look at it?> i did follow the > https://www.voip-info.org/wiki-Asterisk+non-root without any success. when > i issue > root at PBX: ~ $ asterisk -U asterisk -G asteriskThe options -U and -G are for the case of running Asterisk as root and having Asterisk change user and group afterwards. There are a number of options that only work that way (real-time priority, special socket permissions, IIRC). Alternatively you can use other mans to change to that user (--chuid or start-stop-daemon or User: and Group: in a systemd service file, or whatever). And then you don't need those options.> Privilege escalation protection disabled! > See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details.Read that text. But it is irrelevant for your situation.> Unable to access the running directory (Permission denied). Changing to '/' > for compatibility./root is not accessible by the user asterisk. This is mostly harmless, but not if you want to have core files (see also -g) and maybe a few other minor things.> Asterisk already running on /var/run/asterisk/asterisk.ctl. Use 'asterisk > -r' to connect.Because you already ran that command before. Or already have the system copy of asterisk running. Or whatever. Reading error messages helps. -- Tzafrir Cohen +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com
Hi.
Here is the output of the command
root at pbx: ~ $ find / -name asterisk -exec ls -ld '{}' \;
drwxr-xr-x 3 root root 4096 Apr 19 17:32 /usr/include/asterisk
drwxr-x--- 3 asterisk asterisk 4096 Apr 19 17:32 /usr/lib/asterisk
-rwxr-xr-x 1 root root 9719880 Apr 19 17:27
/usr/src/asterisk-11.25.1/main/asterisk
drwxrwxr-x 3 1013 users 4096 Apr 19 16:56
/usr/src/asterisk-11.25.1/include/asterisk
-rwxr-xr-x 1 root root 9719880 Apr 19 17:32 /usr/sbin/asterisk
root at pbx: ~ $
On Wed, Apr 19, 2017 at 5:03 PM, Tzafrir Cohen <tzafrir.cohen at
xorcom.com>
wrote:
> On Wed, Apr 19, 2017 at 04:44:39PM +0300, Atux Atux wrote:
> > hello there. i am running debian 8 in my swerver and i would like to
run
> > asterisk as non root.
>
> The Asterisk package included with Debian already does that. Why not
> have a look at it?
>
> > i did follow the
> > https://www.voip-info.org/wiki-Asterisk+non-root without any success.
> when
> > i issue
> > root at PBX: ~ $ asterisk -U asterisk -G asterisk
>
> The options -U and -G are for the case of running Asterisk as root and
> having Asterisk change user and group afterwards. There are a number of
> options that only work that way (real-time priority, special socket
> permissions, IIRC).
>
> Alternatively you can use other mans to change to that user (--chuid or
> start-stop-daemon or User: and Group: in a systemd service file, or
> whatever). And then you don't need those options.
>
> > Privilege escalation protection disabled!
> > See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details.
>
> Read that text. But it is irrelevant for your situation.
>
> > Unable to access the running directory (Permission denied). Changing
to
> '/'
> > for compatibility.
>
> /root is not accessible by the user asterisk. This is mostly harmless,
> but not if you want to have core files (see also -g) and maybe a few
> other minor things.
>
> > Asterisk already running on /var/run/asterisk/asterisk.ctl. Use
> 'asterisk
> > -r' to connect.
>
> Because you already ran that command before. Or already have the system
> copy of asterisk running. Or whatever.
>
> Reading error messages helps.
>
> --
> Tzafrir Cohen
> +972-50-7952406 mailto:tzafrir.cohen at xorcom.com
> http://www.xorcom.com
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
> https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20170419/4b162de1/attachment.html>