Thanks for the reply Tzafrir, I tried the below, but I think maybe I misexplained what I am trying to do. I have asterisk running as user asterisk - I followed the instructions in the Asterisk book and have everything stored in /home/asterisk/asterisk-bin - this includes logs, pid files, configs etc etc

my asterisk.conf is

    [directories]
    astetcdir => /home/asterisk/asterisk-bin/asterisk
    astmoddir => /home/asterisk/asterisk-bin/lib/asterisk/modules
    astvarlibdir => /home/asterisk/asterisk-bin/lib/asterisk
    astdatadir => /home/asterisk/asterisk-bin/lib/asterisk
    astagidir => /home/asterisk/asterisk-bin/lib/asterisk/agi-bin
    astspooldir => /home/asterisk/asterisk-bin/spool/asterisk
    astrundir => /home/asterisk/asterisk-bin/run
    astlogdir => /home/asterisk/asterisk-bin/log/asterisk

    [options]
    ;internal_timing = yes
    systemname = XXXXX ; prefix uniqueid with a system name for global uniqueness issues

    ; Changing the following lines may compromise your security.
    ;[files]
    ;astctlpermissions = 0770
    astctlowner = asterisk
    astctlgroup = asterisk
    ;astctl = asterisk.ctl

My problem is that a non-privileged user, e.g. admin, cannot log in and connect to the console by issuing the following

    [EMAIL PROTECTED] asterisk -r
    bash: asterisk: command not found
    [EMAIL PROTECTED] whereis asterisk
    asterisk: /usr/sbin/asterisk /usr/lib/asterisk /usr/include/asterisk /usr/include/asterisk.h /usr/share/man/man8/asterisk.8

What is the best way to solve this problem? I have tried adding

    admin ALL=(ALL) ALL

- I will prune back once I verify I can get this working - into visudo, but even that returns asterisk:command not found

Does anyone out there know the best way around this - I tried adding in a symbolic link in /usr/bin/asterisk to point to the /home/asterisk/asterisk-bin/sbin/asterisk file, which worked, but is a hack around the problem and I don't believe this is the way

It seems that non-privileged users cannot run commands in sbin, but can in bin directories

Robert

> On Mon, Nov 19, 2007 at 08:51:21AM -0800, Robert McNaught wrote:
> > Hi,
> >
> > I have set up asterisk to run as non root, and allow admin users to log
> > in to the server as asterisk, which gives them privileges to edit
> > configs in the asterisk home directory.
>
> The daemon runs as the user asterisk. There is no reason why the admin
> should run as the user asterisk.
>
> >
> > As for connecting to the console with 'asterisk -r' - this by default
> > does not work as asterisk is owned stored in /usr/sbin/asterisk
> >
> > I am reading that the best way to solve this is to use 'visudo' - I
> > added this:-
> >
> > asterisk ALL=/usr/sbin/asterisk -r NOPASSWD: ALL
> >
>
> This is totally unrequired. You just need to set proper permissions for
> the socket /var/run/asterisk/asterisk.ctl . This is done in
> asterisk.conf -
>
> [files]
> ;astctlpermissions = 0660
> ;astctlowner = root
> astctlgroup = asterisk
> ;astctl = asterisk.ctl
>
> http://svn.digium.com/svn/asterisk/branches/1.4/doc/asterisk-conf.txt
>
> > asterisk ALL=/usr/sbin/safe_asterisk NOPASSWD: ALL
>
> Why would Asterisk need to run safe_asterisk?
>
> With an arbitrary parameter?
>
> You may want to permit some administrator to do that, but not the
> asterisk daemon. This probably opens the door to privilege escalations.
>
> --
> Tzafrir Cohen
> icq#16849755 jabber:[EMAIL PROTECTED]
> +972-50-7952406 mailto:[EMAIL PROTECTED]
> http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
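
Added example (not part of the original messages, and not Asterisk's own code): a Python check of the two things the quoted reply points at, namely whether the astctl* keys in an asterisk.conf sit under an active [files] header, and whether a given user may connect to the control socket. It assumes Asterisk reads these keys only from [files] and that connecting needs write permission on the socket; the function names, the uid/gid numbers and the sample text (which mirrors the two fragments in the thread) are constructed.

```python
import stat

CTL_KEYS = {"astctlpermissions", "astctlowner", "astctlgroup", "astctl"}

def ctl_settings(conf_text):
    """Return (effective, misplaced): astctl* keys found inside [files], and
    (section, key) pairs for astctl* keys that sit in any other section."""
    section, effective, misplaced = None, {}, []
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")      # handles '=' and '=>'
        if not sep:
            continue
        key, value = key.strip().lower(), value.lstrip(">").strip()
        if key in CTL_KEYS:
            if section == "files":
                effective[key] = value
            else:
                misplaced.append((section, key))
    return effective, misplaced

def may_connect(mode, sock_uid, sock_gid, uid, gids):
    """Assumption: connecting to a Unix socket needs write permission on it.
    Search permission on the directories leading to it is not checked."""
    if uid == 0:
        return True
    if uid == sock_uid:
        return bool(mode & stat.S_IWUSR)
    if sock_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

# Constructed samples mirroring the two fragments quoted in the thread.
COMMENTED_HEADER = ("[options]\nsystemname = XXXXX\n;[files]\n"
                    ";astctlpermissions = 0770\nastctlowner = asterisk\n"
                    "astctlgroup = asterisk\n;astctl = asterisk.ctl\n")
ACTIVE_HEADER = ("[files]\n;astctlpermissions = 0660\n;astctlowner = root\n"
                 "astctlgroup = asterisk\n;astctl = asterisk.ctl\n")

if __name__ == "__main__":
    for name, text in (("commented", COMMENTED_HEADER), ("active", ACTIVE_HEADER)):
        print(name, ctl_settings(text))
    # Constructed ids: socket root:105 mode 0660, user 1000 in group 105.
    print(may_connect(0o660, 0, 105, 1000, {1000, 105}))
```

On a live system the mode, owner and group passed to may_connect would come from os.stat() on the asterisk.ctl socket, and the ids from os.getuid() and os.getgroups().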
