2008/9/27 Tzafrir Cohen <[EMAIL PROTECTED]>: > On Sat, Sep 27, 2008 at 10:10:23AM +1000, Russell Coker wrote: >> Package: asterisk >> Version: 1:1.4.21.2~dfsg-1+b1 >> Severity: normal >> >> Granting a daemon access to the root home directory is a security >> problem. >> >> Also having random files created in the /root directory is an annoyance. >> The correct place for .asterisk_history is under /var/lib/asterisk. > > Just to clarify: this happens if you run 'asterisk' directly as root. > This saves a history of the commands in the asterisk command-line > interface. History initialization is only done after the asterisk > process has potentially setuid. > > The default of the package (which is what happens when you use the > init.d script) is to run asterisk as the user 'asterisk'. Hence the > asterisk daemon does not open /root/.asterisk_history in our setup.
Sadly this not entirely true. It's the stop action of init.d script which creates .asterisk_history. # ls -ld /root/.asterisk_history && rm -f /root/.asterisk_history && /etc/init.d/asterisk stop && ls -ld /root/.asterisk_history && rm -f /root/.asterisk_history && /etc/init.d/asterisk start && ls -ld /root/.asterisk_history -rw------- 1 root root 13 2008-09-27 13:42 /root/.asterisk_history Stopping Asterisk PBX: asterisk. -rw------- 1 root root 13 2008-09-27 13:43 /root/.asterisk_history Starting Asterisk PBX: asterisk. ls: /root/.asterisk_history: No such file or directory Ondrej. -- Ondřej Surý <[EMAIL PROTECTED]>
