Summary: | ASTERISK-05427: Asterisk 1.2.0 beta 2 is not able to run as a non-root user | ||
Reporter: | a (cyberdjheffer) | Labels: | |
Date Opened: | 2005-11-02 10:39:19.000-0600 | Date Closed: | 2005-11-08 17:35:26.000-0600 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) aaa3.txt ( 1) asterisk.conf ( 2) strace.txt ( 3) strace-all.txt | |
Description: | Asterisk 1.2.0 beta 2 is not able to run as a non-root user. The prior beta 1 version had no problems like this. I am able to run Asterisk 1.2.0 beta 2 fine as a root user with realtime and MySQL features. I am using Gentoo as a Linux distribution.

The attached strace.txt file is the result of the command:

strace -eopen asterisk -U asterisk -G asterisk

The attached aaa3 file is a script file I run to set permissions for files and directories. The associated commands were taken from the web page: http://www.voip-info.org/wiki-Asterisk+non-root

Any help in solving this problem is greatly appreciated. | ||
Comments: |

By: a (cyberdjheffer) 2005-11-02 10:45:25.000-0600
I always change the Asterisk Makefile so that the /var/run directory gets changed to /var/run/asterisk:
ASTVARRUNDIR=$(INSTALL_PREFIX)/var/run/asterisk

By: Tilghman Lesher (tilghman) 2005-11-02 11:11:37.000-0600
The strace indicates that your /var/run/asterisk directory is not owned by the user you're running as, despite what your script does. Perhaps you have a system security script which is changing the ownership back to root?

By: a (cyberdjheffer) 2005-11-02 11:22:42.000-0600
No such system security script exists.

By: a (cyberdjheffer) 2005-11-02 11:36:49.000-0600
Why would the strace results indicate problems accessing /etc/localtime? The permissions on that file are completely open at 777. Could the /etc/localtime issue be a source of problems elsewhere?

By: Tilghman Lesher (tilghman) 2005-11-02 11:53:20.000-0600
Are you sure that /etc/localtime isn't a symlink to another file?

By: a (cyberdjheffer) 2005-11-02 11:58:59.000-0600
/etc/localtime points to /usr/share/zoneinfo/EST5EDT, but the file permissions of EST5EDT are set at 644, ownership at root:root. There shouldn't be any problems reading this file as read only. I never had /etc/localtime problems with Asterisk before. Why would this pop up all of a sudden?

By: Matt O'Gorman (mogorman) 2005-11-02 16:44:31.000-0600
I don't believe this is an actual issue with the new beta but rather with configuration; can the bug be closed?

By: a (cyberdjheffer) 2005-11-02 16:52:25.000-0600
mogorman, I have configured Asterisk 1.2.0 beta 2 to the best of my ability and I need a solution to my problem. If you know how to configure Asterisk to solve my problem, could you list the solution please?

By: a (cyberdjheffer) 2005-11-02 16:57:37.000-0600
The nature of this problem IS a problem with beta 2, because beta 1 never had this problem as I have stated previously. As a result, something changed between beta 1 and 2 that is now causing running Asterisk as a non-root user to not work anymore.

By: a (cyberdjheffer) 2005-11-02 19:24:39.000-0600
Correction to earlier statement: Something changed in the Asterisk source code between beta 1 and beta 2 that is now causing running Asterisk as a non-root user to not work anymore.

By: Kevin P. Fleming (kpfleming) 2005-11-07 21:27:08.000-0600
We are going to need quite a bit more info than this to have any hope of solving this problem; many other people run asterisk as a non-root user without difficulty. To start with, please provide a complete strace of the last 40-50 operations that are done before the process dies. We also need any log output or anything else that may be generated.

By: a (cyberdjheffer) 2005-11-07 21:58:04.000-0600
kpfleming: When I attempt to start 1.2.0 beta 2 as the "asterisk" user using the command asterisk -U asterisk -G asterisk, the process never starts at all. The end result that shows up on my screen is the contents of the file strace.txt that I have provided here. If it is possible to run 1.2.0 beta 2 as a non-root user differently than what I have been going through, I really need to know how to change what I am doing. Apart from this, I'm not sure what else to tell you.

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:07:42.000-0600
The strace output you have uploaded is filtered to only show open() calls. I want to see the entire output, in case something else is the reason for the failure.

By: a (cyberdjheffer) 2005-11-07 22:20:38.000-0600
I have uploaded a file called strace-all.txt that is the result of running the command:
strace -eall -v asterisk -U asterisk -G asterisk

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:35:21.000-0600
Well, you have serious permissions problems there. Your non-root user can't read /etc/asterisk at all; notice that as soon as setuid() has been called, you start receiving 'permission denied' errors on the open requests. What are the permissions on /etc and /var themselves?

By: a (cyberdjheffer) 2005-11-07 22:39:53.000-0600
The permissions on /etc and /var are below, obtained from the ls -al command. These permissions are probably what got set when Gentoo was installed.
drwxr-xr-x 75 root root 4096 Nov 7 03:54 etc
drwxr-xr-x 18 root root 4096 Aug 22 16:30 var

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:42:21.000-0600
Then let's go back to the basics: do 'su asterisk', and make sure you can read every one of those files that is failing to open.

By: a (cyberdjheffer) 2005-11-07 22:52:50.000-0600
I executed su asterisk. I have no problems accessing the /etc/localtime and /etc/asterisk/extconfig.conf files using the more command. /var/run/asterisk/asterisk.ctl is not a file at all and can't be read. /var/run/asterisk/asterisk.pid doesn't exist because Asterisk doesn't start. I never had these problems running beta 1 but now have them trying to run beta 2. What could have changed in the source code between then and now to cause these problems?

By: Kevin P. Fleming (kpfleming) 2005-11-07 22:59:07.000-0600
Not a clue at this point... If you can give someone remote access to your system to help you debug this, please find a bug marshal on IRC and see what you can get arranged.

By: Matt O'Gorman (mogorman) 2005-11-08 00:13:23.000-0600
user error, bug is closed

By: Matt O'Gorman (mogorman) 2005-11-08 00:17:23.000-0600
oops |
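
The triage applied to strace-all.txt in the thread (locate the setuid() call, list what fails with 'permission denied' after it, then check the parent directories such as /etc and /var) can be scripted. The following is an added example, not part of the original thread or of Asterisk; the trace lines are constructed, and the function names denied_after_drop and dirs_to_check are hypothetical.

```python
import posixpath
import re

# Constructed strace excerpt, not the reporter's strace-all.txt. Paths are the
# ones named in the thread; uid/gid and return values are illustrative.
SAMPLE = '''\
open("/etc/asterisk/asterisk.conf", O_RDONLY) = 3
setgid32(1001) = 0
setuid32(1001) = 0
open("/etc/localtime", O_RDONLY) = -1 EACCES (Permission denied)
open("/etc/asterisk/extconfig.conf", O_RDONLY) = -1 EACCES (Permission denied)
open("/usr/share/zoneinfo/EST5EDT", O_RDONLY) = 4
bind(5, {sa_family=AF_UNIX, sun_path="/var/run/asterisk/asterisk.ctl"}, 110) = -1 EACCES (Permission denied)
'''

# syscall(args) = ret [ERRNO ...], with an optional pid column from strace -f
CALL = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+|\?)(?:\s+(E[A-Z]+))?')
UID_DROP = {"setuid", "setuid32", "setreuid", "setreuid32", "setresuid", "setresuid32"}


def denied_after_drop(trace):
    """Return (line of first successful uid change, [(line, syscall, path)] denied after it)."""
    drop_at, denied = None, []
    for no, line in enumerate(trace.splitlines(), 1):
        m = CALL.match(line)
        if not m:
            continue  # signals, unfinished calls, exit lines
        name, args, ret, err = m.groups()
        if name in UID_DROP and ret == "0":
            drop_at = drop_at or no
        elif drop_at and err in ("EACCES", "EPERM"):
            path = re.search(r'"([^"]*)"', args)
            denied.append((no, name, path.group(1) if path else None))
    return drop_at, denied


def dirs_to_check(denied):
    """Every ancestor directory of a denied path: each needs search (x) permission for the new uid."""
    dirs = set()
    for _, _, path in denied:
        while path and path != "/":
            path = posixpath.dirname(path)
            dirs.add(path)
    return sorted(filter(None, dirs))


if __name__ == "__main__":
    drop_at, denied = denied_after_drop(SAMPLE)
    print(drop_at, denied, dirs_to_check(denied))
```

Run it against an unfiltered trace (strace -eall output, as requested in the thread), then inspect each returned directory with ls -ld as the target user.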