Asterisk pod rootem. Ano, Ne ?

Asterisk v chrootu ano, pod rootem nikdy! :-D

Nevykej mi, ja ti taky nebudu vykat...↵ Mar 13 11:53:32 nevykat last message repeated 2324661 times

15.1.2008 13:02 jarous
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

ja ho mam bohuzel pod rootem.. muzes nebo muzete mi prosim nejakymi body poradit, jak to zmenim? prosim prosim:)

15.1.2008 19:36 osladil | skóre: 12
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

Tech zpusobu bude asi vice, na jake distribuci to provozujes?

15.1.2008 20:10 ladaan | skóre: 9 | Tišnov
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

a jak Asterisk spoustis? mam debian a s instalaci balicku se me take nainstaloval skript

/etc/init.d/asterisk

Z tohoto skriptu se prave Asterisk spusti pod uzivatelem asterisk.

16.1.2008 16:58 jarous
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

mam taky tento skript, ale asterisk jsem si kompiloval sam... co mam tedy udelat, aby se mi Asterisk spoustel pod uzivatelem asterisk? jaka prava atd.. samozrejme si vytvorim UID a GID Asterisk... diky

mam Debian Etch

16.1.2008 17:51 jarous
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

tohle je muj spousteci skript:

#! /bin/sh
# $Id: rc.debian.asterisk 67061 2007-06-04 17:11:43Z tilghman $
#
# asterisk      start the asterisk PBX

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=asterisk
DESC="Asterisk PBX"
# Full path to asterisk binary
DAEMON=/usr/sbin/asterisk

# Full path to safe_asterisk script
SAFE_ASTERISK=/usr/sbin/safe_asterisk

if ! [ -x $DAEMON ] ; then
        echo "ERROR: /usr/sbin/asterisk not found"
        exit 0
fi

if ! [ -d /etc/asterisk ] ; then
        echo "ERROR: /etc/asterisk directory not found"
        exit 0

fi

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        if [ -f $SAFE_ASTERISK ] ; then
                DAEMON=$SAFE_ASTERISK
        fi
        if [ $AST_USER ] ; then
                ASTARGS="-U $AST_USER"
        fi
        if [ $AST_GROUP ] ; then
                ASTARGS="`echo $ASTARGS` -G $AST_GROUP"
        fi
        start-stop-daemon --start --exec $DAEMON -- $ASTARGS
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        $DAEMON -rx 'stop now' > /dev/null 2> /dev/null && echo -n "$NAME"
        echo "."
        exit 0
        ;;
  reload)
        echo "Reloading $DESC configuration files."
        $DAEMON -rx 'reload' > /dev/null 2> /dev/null
        ;;
  restart|force-reload)
        $DAEMON -rx 'restart gracefully' > /dev/null 2> /dev/null && echo -n "$N
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

17.1.2008 00:31 ladaan | skóre: 9 | Tišnov
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

Vytvorit uzivatele a skupinu by melo stacit. V /etc/passwd zmen na konci radku pro uzivatele asterisk na /bin/false. To aby se nikdo pod timto uzivatelem nemohl prihlasit. Prikladam muj skript. ktery mam v init.d. Jen si zkontroluj cesty, kam se po "make install" nainstalovaly binarky a jestli to sedi se skriptem. Pro spusteni Asterisku pri startu kompu muzes pouzit

update-rc.d asterisk defaults 21

Muj skript(ktery je i v debianim balicku):

#! /bin/sh
#
# asterisk	start the asterisk PBX

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=asterisk
USER=$NAME
GROUP=$USER
DAEMON=/usr/sbin/$NAME
DESC="Asterisk PBX"
PIDFILE="/var/run/asterisk/asterisk.pid"
ASTSAFE_PIDFILE="/var/run/asterisk/asterisk_safe.pid"

# by default: use real-time priority
PARAMS=""
AST_REALTIME="yes"
RUNASTERISK="no"
if [ -r /etc/default/$NAME ]; then . /etc/default/$NAME; fi

if [ "$RUNASTERISK" != "yes" ];then
	echo "Asterisk not yet configured. Edit /etc/default/asterisk first."
	exit 0
fi

if [ "$AST_REALTIME" != "no" ]
then
  PARAMS="$PARAMS -p"
fi

if [ "x$USER" = "x" ]
then
  echo "Error: empty USER name"
  exit 1
fi
if [ `id -u "$USER"` = 0 ]
then
  echo "Starting as root not supported."
  exit 1
fi
PARAMS="$PARAMS -U $USER"

if [ "x$AST_DEBUG_PARAMS" = x ] 
then
  AST_DEBUG_PARAMS=-cvvvvvddddd
fi
if [ "$RUNASTSAFE" = "yes" ];then
	# The value of WRAPPER_DAEMON in can be set in /etc/default/asterisk
	WRAPPER_DAEMON=${WRAPPER_DAEMON:-/usr/sbin/safe_asterisk}
	REALDAEMON="$WRAPPER_DAEMON"
else
	REALDAEMON="$DAEMON"
fi

test -x $DAEMON || exit 0

set -e

status() {
	plist=`ps auxw | grep "$DAEMON" | grep -v grep | awk '{print $2}' | tr '\012' ' '`
	if [ "$plist" = "" ]; then
		echo "$DESC is stopped"
		return 1
	else
		echo "$DESC is running: $plist"
		return 0
	fi
}

case "$1" in
  debug)
	# we add too many special parameters that I don't want to skip
	# accidentally. I'm afraid that skipping -U once may cause
	# confusing results. I also want to maintain the user's choice
	# of -p
	echo "Debugging $DESC: "
	$DAEMON $PARAMS $AST_DEBUG_PARAMS
	exit 0
	;;
  start)
	if status > /dev/null; then
		echo "$DESC is already running. Use restart."
		exit 0
	fi
	echo -n "Starting $DESC: "
	if [ "$RUNASTSAFE" != "yes" ];then
		# TODO: what if we cought the wrapper just as its asterisk
		# was killed? status should check for the wrapper if we're in
		# "safe mode"
		if status > /dev/null; then
			echo "$DESC is already running. Use restart."
			exit 0
		fi
		start-stop-daemon --start --group $GROUP --pidfile "$PIDFILE" \
			--exec $REALDAEMON -- $PARAMS
	else
		start-stop-daemon --start --group $GROUP --make-pidfile \
			--pidfile "$ASTSAFE_PIDFILE" \
			--exec $REALDAEMON -- $PARAMS
	fi
		
	
	echo "$NAME."
	;;
  stop)
	echo -n "Stopping $DESC: "
	if [ "$RUNASTSAFE" = "yes" ];then
		# hopefully this will work. Untested
		$REALDAEMON -rx 'stop now' > /dev/null  || true
	else
		# Try gracefully.
		# this may hang in some cases. Specifically, when the asterisk
		# processes is stopped. No bother to worry about cleanup: 
		# it will either fail or die when asterisk dies.
		( $DAEMON -rx 'stop now' > /dev/null 2>&1 & ) &
	fi
	echo -n "$NAME"
	## giving a small grace time to shut down cleanly.
	#sleep 2 # you can add timeouts in the comma
	if [ "$RUNASTSAFE" = "yes" ];then
		start-stop-daemon --quiet --pidfile $ASTSAFE_PIDFILE --oknodo \
			--stop
	fi
	# just making sure it's really, really dead. 
	# KILL is necessary just in case there's an asterisk -r in the background
	start-stop-daemon --stop --quiet --oknodo --retry=0/2/TERM/2/KILL/5 --exec $DAEMON
	echo "."
	;;
  reload)
	echo "Reloading $DESC configuration files."
	$DAEMON -rx 'reload' || true
	;;
  logger-reload)
	$DAEMON -rx 'logger reload' || true
	;;
  extensions-reload)
	echo "Reloading $DESC configuration files."
	$DAEMON -rx 'extensions reload' || true
	;;
  restart|force-reload)
	$0 stop
	$0 start
	;;
  status)
	status
	exit $?
	;;
  zaptel-fix) 	 
	echo "Unloading and reloading loading Asterisk and Zaptel:" 	 
	$0 stop 	 
	/etc/init.d/zaptel unload 	 
	# load modules from /etc/modules. This will break if you count on 	 
	# discover/hotplug 	 
	/etc/init.d/module-init-tools 	 
	/etc/init.d/zaptel start 	 
	$0 start 	 
	;; 	 
  *)
	N=/etc/init.d/$NAME
	echo "Usage: $N {start|stop|restart|reload|status|debug|logger-reload|extensions-reload|force-reload}" >&2
	exit 1
	;;
esac

exit 0

17.1.2008 00:39 ladaan | skóre: 9 | Tišnov
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

jo a jeste, aby ten muj skript fungoval, tak do /etc/default/asterisk uloz nasledujici: (jinak podle meho nazoru, sice to neni cista prace, bych si nainstaloval Asterisk s debian balicku a pak jen prepsal binarky, ktere sis zkompiloval a byla by to rychla prace :). Ale to udelej jen v pripade pokud vis co se deje po nainstalovani a kde se co na instalovalo napr. pomoci dpkg -L asterisk)

# This file allows you to alter the configuration of the Asterisk
# init.d script
#
# RUNASTERISK: run asterisk upon boot. Should be set to "yes" once you have
#              setup your configuration.
RUNASTERISK=yes
#
#
# AST_REALTIME: if set to anything other than "no", asterisk will run in 
#               real-time priority (pass '-p' to asterisk). un-rem the 
#               following line to disable asterisk from running in real-time 
#               priority
#AST_REALTIME=yes
#
# PARAMS: extra parameters to pass to asterisk
#         The example here may help you in debugging, but is 
#         *not**intended**for**production**use*.
#         When you give -G *only* that group will be used,
#         else all groups of the asterisk user.
#PARAMS="-D -g -vvv"
#
#
# RUNASTSAFE: run safe_asterisk rather than asterisk (will auto-restart upon
#             crash)
#RUNASTSAFE=yes

super diky, jak na to koukam, nebude mi stacit, kdyz do toho myho skriptu pridam tohle?:

USER=$NAME
GROUP=$USER

a prava pro adresare a soubory Asterisku nastavim pro uzivatele a skupinu Asterisk?

17.1.2008 15:38 ladaan | skóre: 9 | Tišnov
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

no radsi si ty skripty porovnej detailneji. Nestaci pridat jen co si uvedl. Prava pro adresare a soubory muzes nechat jako root.

19.1.2008 20:27 Pavel
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

co zmenit aby se to spoustelo pod jinym userem? ja bych si to chtel taky prehodit z roota a nemuzu prijit na to jak. budu rad za kazdou radu,valcim s tim tady uz 2 dny.

20.1.2008 10:10 ladaan | skóre: 9 | Tišnov
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

Omlouvam se Jarousovi. Jsem nejak prehledl, ze by opravdu melo stacit v tvem skriptu definovat USER a GROUP teda spis konkretne AST_USER a AST_GROUP. Popravde Asterisk zas az tak moc neznam, ale ted jsem si vsimnul, ze se Asterisk spusti s parametry

/usr/sbin/asterisk -p -U asterisk -G asterisk

tak, aby bezel pod jinym uzivatelem.

asterisk -help

Sorry za mystifikaci :)

20.1.2008 12:24 jarous
Rozbalit Rozbalit vše Re: Asterisk pod rootem. Ano, Ne ?

diky, vyzkousim a uvidim.. ted jsem nemel stejne cas, tak jsem to neresil. Kdyby neco, tak budu zase otravovat:o)

Dotaz: Asterisk pod rootem. Ano, Ne ?

Odpovědi