|Summary:||ASTERISK-05427: Asterisk 1.2.0 beta 2 is not able to run as a non-root user|
|Date Opened:||2005-11-02 10:39:19.000-0600||Date Closed:||2005-11-08 17:35:26.000-0600|
|Environment:||Attachments:||( 0) aaa3.txt|
( 1) asterisk.conf
( 2) strace.txt
( 3) strace-all.txt
|Description:||Asterisk 1.2.0 beta 2 is not able to run as a non-root user. The prior beta 1 version had no problems like this. I am able to run Asterisk 1.2.0 beta 2 fine as a root user with realtime and MySQL features. I am using Gentoo as a Linux distribution. The attached strace.txt file is the result of the command:|
strace -eopen asterisk -U asterisk -G asterisk
The attached aaa3 file is a script file I run to set permissions for files and directories. The associated commands were taken from the web page:
Any help in solving this problem is greatly appreciated.
|Comments:||By: a (cyberdjheffer) 2005-11-02 10:45:25.000-0600|
I always change the Asterisk Makefile so that the /var/run directory gets changed to /var/run/asterisk:
By: Tilghman Lesher (tilghman) 2005-11-02 11:11:37.000-0600
The strace indicates that your /var/run/asterisk directory is not owned by the user you're running as, despite what your script does. Perhaps you have a system security script which is changing the ownership back to root?
By: a (cyberdjheffer) 2005-11-02 11:22:42.000-0600
No such system security script exists.
By: a (cyberdjheffer) 2005-11-02 11:36:49.000-0600
Why would the strace results indicate problems accessing /etc/localtime? The permissions on that file are completely open at 777. Could the /etc/localtime issue be a source of problems elsewhere?
By: Tilghman Lesher (tilghman) 2005-11-02 11:53:20.000-0600
Are you sure that /etc/localtime isn't a symlink to another file?
By: a (cyberdjheffer) 2005-11-02 11:58:59.000-0600
/etc/localtime points to /usr/share/zoneinfo/EST5EDT, but the file permissions of EST5EDT are set at 644, ownership at root:root. There shouldn't be any problems reading this file as read only. I never had /etc/localtime problems with Asterisk before. Why would this pop up all of a sudden?
By: Matt O'Gorman (mogorman) 2005-11-02 16:44:31.000-0600
I don't believe this is actual issue with new beta but rather with configuration, can the bug be closed?
By: a (cyberdjheffer) 2005-11-02 16:52:25.000-0600
mogorman, I have configured Asterisk 1.2.0 beta 2 to the best of my ability and I need a solution to my problem. If you know how to configure Asterisk to solve my problem, could you list the solution please?
By: a (cyberdjheffer) 2005-11-02 16:57:37.000-0600
The nature of this problem IS a problem with beta 2, because beta 1 never had this problem as I have stated previously. As a result, something changed between beta 1 and 2 that is now causing running Asterisk as a non-root user to not work anymore.
By: a (cyberdjheffer) 2005-11-02 19:24:39.000-0600
Correction to earlier statement: Something changed in the Asterisk source code between beta 1 and beta 2 that is now causing running Asterisk as a non-root user to not work anymore.
By: Kevin P. Fleming (kpfleming) 2005-11-07 21:27:08.000-0600
We are going to need quite a bit more info than this to have any hope of solving this problem; many other people run asterisk as a non-root user without difficulty.
To start with, please provide a complete strace of the last 40-50 operations that are done before the process dies. We also need an log output or anything else that may be generated.
By: a (cyberdjheffer) 2005-11-07 21:58:04.000-0600
kpfleming: When I attempt to start 1.2.0 beta 2 as the "asterisk" user using the command asterisk -U asterisk -G asterisk, the process never starts at all. The end result that shows up on my screen is the contents of the file strace.txt that I have provided here. If it is possible to run 1.2.0 beta 2 as a non-root user differently than what I have been going through, I really need to know how to change what I am doing. Apart from this, I'm not sure what else to tell you.
By: Kevin P. Fleming (kpfleming) 2005-11-07 22:07:42.000-0600
The strace output you have uploaded is filtered to only show open() calls. I want to see the entire output, in case something else is the reason for the failure.
By: a (cyberdjheffer) 2005-11-07 22:20:38.000-0600
I have uploaded a file called strace-all.txt that is the result of running the command:
strace -eall -v asterisk -U asterisk -G asterisk
By: Kevin P. Fleming (kpfleming) 2005-11-07 22:35:21.000-0600
Well, you have serious permissions problems there. Your non-root user can't read /etc/asterisk at all; notice that as soon as setuid() has been called, you start receiving 'permission denied' errors on the open requests.
What are the permissions on /etc and /var themselves?
By: a (cyberdjheffer) 2005-11-07 22:39:53.000-0600
The permissions on /etc and /var are below, obtained from the ls -al command. These permissions are probably what got set when Gentoo was installed.
drwxr-xr-x 75 root root 4096 Nov 7 03:54 etc
drwxr-xr-x 18 root root 4096 Aug 22 16:30 var
By: Kevin P. Fleming (kpfleming) 2005-11-07 22:42:21.000-0600
Then let's go back to the basics: do 'su asterisk', and make sure you can read every one of those files that is failing to open.
By: a (cyberdjheffer) 2005-11-07 22:52:50.000-0600
I executed su asterisk. I have no problems accessing the /etc/localtime and /etc/asterisk/extconfig.conf files using the more command. /var/run/asterisk/asterisk.ctl is not a file at all and can't be read.
/var/run/asterisk/asterisk.pid doesn't exist because Asterisk doesn't start.
I never had these problems running beta 1 but now have them trying to run beta 2. What could have changed in the source code between then and now to cause these problems?
By: Kevin P. Fleming (kpfleming) 2005-11-07 22:59:07.000-0600
Not a clue at this point... If you can give someone remote access to your system to help you debug this, please find a bug marshal on IRC and see what you can get arranged.
By: Matt O'Gorman (mogorman) 2005-11-08 00:13:23.000-0600
user error, bug is closed
By: Matt O'Gorman (mogorman) 2005-11-08 00:17:23.000-0600