Hi Drexl, Quoting Drexl Johannes (2022-01-20 15:41:40) > I'm not entirely sure this poses a threat, but as I understand general > security directives state not to give the executing user of a service > write access to its config files and binaries. Yet after installing > the package the whole config directory as well as all included files > are owned by asterisk user and group as well as in mode 0640 (which I > suppose is a good decision for some files at least, talking about not > being world-readable). > > So, to improve security this probably has to be changed to > root:asterisk with mode 0640 (where necessary), or am I getting stuff > wrong here?
That sounds sensible to me - superficially, I am unaware if some subtle detail in Asterisk require special handling here. An obvious next step might be to try make the suggested change and see if it still seems to work the same. Did you try that already, Drexl? If not, can I ask you to try it? Kind regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
