Summary: ASTERISK-05427: Asterisk 1.2.0 beta 2 is not able to run as a non-root user
Reporter: a (cyberdjheffer)
Labels:
Date Opened: 2005-11-02 10:39:19.000-0600
Date Closed: 2005-11-08 17:35:26.000-0600
Priority: Minor
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) aaa3.txt
( 1) asterisk.conf
( 2) strace.txt
( 3) strace-all.txt

Description: Asterisk 1.2.0 beta 2 is not able to run as a non-root user.  The prior beta 1 version had no problems like this.  I am able to run Asterisk 1.2.0 beta 2 fine as a root user with realtime and MySQL features.  I am using Gentoo as a Linux distribution.  The attached strace.txt file is the result of the command:

strace -eopen asterisk -U asterisk -G asterisk

The attached aaa3 file is a script file I run to set permissions for files and directories.  The associated commands were taken from the web page:

http://www.voip-info.org/wiki-Asterisk+non-root

Any help in solving this problem is greatly appreciated.

Comments:

By: a (cyberdjheffer) 2005-11-02 10:45:25.000-0600

I always change the Asterisk Makefile so that the /var/run directory gets changed to /var/run/asterisk:

ASTVARRUNDIR=$(INSTALL_PREFIX)/var/run/asterisk

By: Tilghman Lesher (tilghman) 2005-11-02 11:11:37.000-0600

The strace indicates that your /var/run/asterisk directory is not owned by the user you're running as, despite what your script does.  Perhaps you have a system security script which is changing the ownership back to root?

By: a (cyberdjheffer) 2005-11-02 11:22:42.000-0600

No such system security script exists.

By: a (cyberdjheffer) 2005-11-02 11:36:49.000-0600

Why would the strace results indicate problems accessing /etc/localtime?  The permissions on that file are completely open at 777.  Could the /etc/localtime issue be a source of problems elsewhere?

By: Tilghman Lesher (tilghman) 2005-11-02 11:53:20.000-0600

Are you sure that /etc/localtime isn't a symlink to another file?

By: a (cyberdjheffer) 2005-11-02 11:58:59.000-0600

/etc/localtime points to /usr/share/zoneinfo/EST5EDT, but the file permissions of EST5EDT are set at 644, ownership at root:root.  There shouldn't be any problems reading this file as read only.  I never had /etc/localtime problems with Asterisk before.  Why would this pop up all of a sudden?

By: Matt O'Gorman (mogorman) 2005-11-02 16:44:31.000-0600

I don't believe this is an actual issue with the new beta but rather with configuration; can the bug be closed?

By: a (cyberdjheffer) 2005-11-02 16:52:25.000-0600

mogorman, I have configured Asterisk 1.2.0 beta 2 to the best of my ability and I need a solution to my problem.  If you know how to configure Asterisk to solve my problem, could you list the solution please?

By: a (cyberdjheffer) 2005-11-02 16:57:37.000-0600

The nature of this problem IS a problem with beta 2, because beta 1 never had this problem as I have stated previously.  As a result, something changed between beta 1 and 2 that is now causing running Asterisk as a non-root user to not work anymore.

By: a (cyberdjheffer) 2005-11-02 19:24:39.000-0600

Correction to earlier statement:  Something changed in the Asterisk source code between beta 1 and beta 2 that is now causing running Asterisk as a non-root user to not work anymore.

By: Kevin P. Fleming (kpfleming) 2005-11-07 21:27:08.000-0600

We are going to need quite a bit more info than this to have any hope of solving this problem; many other people run asterisk as a non-root user without difficulty.

To start with, please provide a complete strace of the last 40-50 operations that are done before the process dies. We also need any log output or anything else that may be generated.

By: a (cyberdjheffer) 2005-11-07 21:58:04.000-0600

kpfleming:  When I attempt to start 1.2.0 beta 2 as the "asterisk" user using the command asterisk -U asterisk -G asterisk, the process never starts at all.  The end result that shows up on my screen is the contents of the file strace.txt that I have provided here.  If it is possible to run 1.2.0 beta 2 as a non-root user differently than what I have been going through, I really need to know how to change what I am doing.  Apart from this, I'm not sure what else to tell you.

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:07:42.000-0600

The strace output you have uploaded is filtered to only show open() calls. I want to see the entire output, in case something else is the reason for the failure.

By: a (cyberdjheffer) 2005-11-07 22:20:38.000-0600

I have uploaded a file called strace-all.txt that is the result of running the command:

strace -eall -v asterisk -U asterisk -G asterisk

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:35:21.000-0600

Well, you have serious permissions problems there. Your non-root user can't read /etc/asterisk at all; notice that as soon as setuid() has been called, you start receiving 'permission denied' errors on the open requests.

What are the permissions on /etc and /var themselves?
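
An added example, not part of the original thread or the Asterisk project: the reading of the strace described in the comment above (permission-denied errors that begin once setuid() has been called), done mechanically over unfiltered strace output. The sample trace, the uid/gid 1001 and the .so path are constructed, and the two syscall-name sets are assumptions to extend as needed.

```python
import posixpath
import re

# Constructed sample shaped like unfiltered strace output; it is not the
# attached strace-all.txt. The uid/gid 1001 and the .so path are made up.
SAMPLE = """\
open("/etc/asterisk/asterisk.conf", O_RDONLY) = 3
setgid(1001)                            = 0
setuid(1001)                            = 0
open("/etc/localtime", O_RDONLY)        = -1 EACCES (Permission denied)
open("/etc/asterisk/extconfig.conf", O_RDONLY) = -1 EACCES (Permission denied)
open("/var/run/asterisk/asterisk.pid", O_WRONLY|O_CREAT|O_TRUNC, 0666) = -1 EACCES (Permission denied)
open("/usr/lib/asterisk/modules/missing.so", O_RDONLY) = -1 ENOENT (No such file or directory)
"""

# Optional pid prefix (strace -f), syscall name, arguments, return value, errno.
CALL = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+(E[A-Z0-9]+))?')
PATH = re.compile(r'"([^"]*)"')
DROP_CALLS = {"setuid", "setuid32", "setreuid", "setresuid", "setresuid32"}
FILE_CALLS = {"open", "openat", "access", "stat", "stat64", "connect", "unlink"}

def denied_after_drop(trace, errnos=("EACCES", "EPERM")):
    """Return (line of first successful uid change, permission failures after it)."""
    dropped_at, failures = None, []
    for lineno, line in enumerate(trace.splitlines(), 1):
        m = CALL.match(line)
        if not m:
            continue  # signals, unfinished calls, exit lines
        name, args, ret, err = m.groups()
        if dropped_at is None:
            # Assumption: any successful set*uid call is the privilege drop.
            if name in DROP_CALLS and ret == "0":
                dropped_at = lineno
        elif name in FILE_CALLS and err in errnos:
            path = PATH.search(args)
            failures.append((lineno, name, path.group(1) if path else args, err))
    return dropped_at, failures

def dirs_to_check(failures):
    """Ancestor directories of every denied path; each needs search (x) permission."""
    dirs = set()
    for _, _, path, _ in failures:
        parent = posixpath.dirname(path)
        while parent not in ("", "/"):
            dirs.add(parent)
            parent = posixpath.dirname(parent)
    return sorted(dirs)
```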

By: a (cyberdjheffer) 2005-11-07 22:39:53.000-0600

The permissions on /etc and /var are below, obtained from the ls -al command.  These permissions are probably what got set when Gentoo was installed.

drwxr-xr-x   75 root     root         4096 Nov  7 03:54 etc
drwxr-xr-x   18 root     root         4096 Aug 22 16:30 var

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:42:21.000-0600

Then let's go back to the basics: do 'su asterisk', and make sure you can read every one of those files that is failing to open.

By: a (cyberdjheffer) 2005-11-07 22:52:50.000-0600

I executed su asterisk.  I have no problems accessing the /etc/localtime and /etc/asterisk/extconfig.conf files using the more command.  /var/run/asterisk/asterisk.ctl is not a file at all and can't be read.
/var/run/asterisk/asterisk.pid doesn't exist because Asterisk doesn't start.

I never had these problems running beta 1 but now have them trying to run beta 2.  What could have changed in the source code between then and now to cause these problems?

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:59:07.000-0600

Not a clue at this point... If you can give someone remote access to your system to help you debug this, please find a bug marshal on IRC and see what you can get arranged.

By: Matt O'Gorman (mogorman) 2005-11-08 00:13:23.000-0600

user error, bug is closed

By: Matt O'Gorman (mogorman) 2005-11-08 00:17:23.000-0600

oops