> thanks for the reply Tzafrir,
>
> I tried the below, but I think maybe I misexplained what I am trying
> to do. I have asterisk running as user asterisk - I followed the
> instructions in the Asterisk book and have everything stored
> in /home/asterisk/asterisk-bin - this includes logs, pid files,
> configs etc etc
>
> my asterisk.conf is
>
> [directories]
> astetcdir => /home/asterisk/asterisk-bin/asterisk
> astmoddir => /home/asterisk/asterisk-bin/lib/asterisk/modules
> astvarlibdir => /home/asterisk/asterisk-bin/lib/asterisk
> astdatadir => /home/asterisk/asterisk-bin/lib/asterisk
> astagidir => /home/asterisk/asterisk-bin/lib/asterisk/agi-bin
> astspooldir => /home/asterisk/asterisk-bin/spool/asterisk
> astrundir => /home/asterisk/asterisk-bin/run
> astlogdir => /home/asterisk/asterisk-bin/log/asterisk
>
> [options]
> ;internal_timing = yes
> systemname = XXXXX ; prefix uniqueid with a system name for global uniqueness issues
> ; Changing the following lines may compromise your security.
> ;[files]
> ;astctlpermissions = 0770
> astctlowner = asterisk
> astctlgroup = asterisk
> ;astctl = asterisk.ctl
>
> my problem is that a non-privileged user, e.g. admin, cannot log in and
> connect to the console by issuing the following
>
> [EMAIL PROTECTED] asterisk -r
> bash: asterisk: command not found
>
> [EMAIL PROTECTED] whereis asterisk
> asterisk: /usr/sbin/asterisk /usr/lib/asterisk /usr/include/asterisk
> /usr/include/asterisk.h /usr/share/man/man8/asterisk.8
>
> what is the best way to solve this problem?
>
> I have tried adding
>
> admin ALL=(ALL) ALL - I will prune back once I verify I can
> get this working
>
> into visudo, but even that returns asterisk:command not found
>
> Does anyone out there know the best way around this - I tried adding
> in a symbolic link in /usr/bin/asterisk to point to
> the /home/asterisk/asterisk-bin/sbin/asterisk file, which worked, but
> is a hack around the problem and don't believe this is the way
>
> It seems that non-privileged users cannot run commands in sbin, but
> can in bin directories
>
> Robert
>
> > On Mon, Nov 19, 2007 at 08:51:21AM -0800, Robert McNaught wrote:
> > > Hi,
> > >
> > > I have set up asterisk to run as non root, and allow admin users to log
> > > in to the server as asterisk, which gives them privileges to edit
> > > configs in the asterisk home directory.
> >
> > The daemon runs as the user asterisk. There is no reason why the admin
> > should run as the user asterisk.
> >
> > >
> > > As for connecting to the console with 'asterisk -r' - this by default
> > > does not work as asterisk is owned stored in /usr/sbin/asterisk
> > >
> > > I am reading that the best way to solve this is to use 'visudo' - I
> > > added this:-
> > >
> > > asterisk ALL=/usr/sbin/asterisk -r NOPASSWD: ALL
> >
> > This is totally unrequired. You just need to set proper permissions for
> > the socket /var/run/asterisk/asterisk.ctl . This is done in
> > asterisk.conf -
> >
> > [files]
> > ;astctlpermissions = 0660
> > ;astctlowner = root
> > astctlgroup = asterisk
> > ;astctl = asterisk.ctl
> >
> > http://svn.digium.com/svn/asterisk/branches/1.4/doc/asterisk-conf.txt
> >
> > > asterisk ALL=/usr/sbin/safe_asterisk NOPASSWD: ALL
> >
> > Why would Asterisk need to run safe_asterisk?
> >
> > With an arbitrary parameter?
> >
> > You may want to permit some administrator to do that, but not the
> > asterisk daemon. This probably opens the door to privilege escalations.
> >
> > --
> > Tzafrir Cohen
> > icq#16849755 jabber:[EMAIL PROTECTED]
> > +972-50-7952406 mailto:[EMAIL PROTECTED]
> > http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir
asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
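
A configuration check for the control-socket settings discussed in the thread, as an added example that is not part of any message or of Asterisk itself. It assumes the `astctl*` keys only take effect under a `[files]` section, where the reply's snippet places them; `parse_sections` and `audit_ctl_socket` are hypothetical helper names.

```python
import re

CTL_KEYS = {"astctlpermissions", "astctlowner", "astctlgroup", "astctl"}

# [options] part of the asterisk.conf quoted in the thread (one comment shortened)
SAMPLE_CONF = """\
[options]
;internal_timing = yes
systemname = XXXXX ; prefix uniqueid with a system name
; Changing the following lines may compromise your security.
;[files]
;astctlpermissions = 0770
astctlowner = asterisk
astctlgroup = asterisk
;astctl = asterisk.ctl
"""

def parse_sections(text):
    """Return {section: {key: value}} for an Asterisk-style config.
    ';' starts a comment; 'key = value' and 'key => value' are both accepted."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.lstrip(">").strip()
    return sections

def audit_ctl_socket(text):
    """Split astctl* keys into those under [files] and those placed elsewhere."""
    effective, misplaced = {}, []
    for section, items in parse_sections(text).items():
        for key, value in items.items():
            if key in CTL_KEYS and section == "files":
                effective[key] = value
            elif key in CTL_KEYS:
                misplaced.append((section, key, value))
    return effective, misplaced

if __name__ == "__main__":
    effective, misplaced = audit_ctl_socket(SAMPLE_CONF)
    print("settings under [files]:", effective)
    for section, key, value in misplaced:
        print(f"misplaced: {key} = {value} is under [{section}], not [files]")
```

On the quoted configuration the `[files]` header is still commented out, so both uncommented `astctl*` lines are reported as sitting under `[options]`.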
