Index: Makefile
===================================================================
RCS file: /usr/cvsroot/asterisk/Makefile,v
retrieving revision 1.218
diff -u -r1.218 Makefile
--- Makefile 1 Nov 2005 21:53:29 -0000 1.218
+++ Makefile 6 Nov 2005 00:59:21 -0000
@@ -731,6 +731,13 @@
 echo "astrundir => $(ASTVARRUNDIR)" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
 echo "astlogdir => $(ASTLOGDIR)" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
 echo "" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo "; Change the following lines to run as user other then root." >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo "; This will require a few directories and any zap hardware." >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo "; to be owned by the user for proper access." >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo ";[user]" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo ";runuser = $(RUNUSER)" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo ";rungroup = $(RUNGROUP)" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
+ echo "" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
 echo "; Changing the following lines may compromise your security." >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
 echo ";[files]" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
 echo ";astctlpermissions = 0660" >> $(DESTDIR)$(ASTETCDIR)/asterisk.conf ; \
Index: asterisk.c
===================================================================
RCS file: /usr/cvsroot/asterisk/asterisk.c,v
retrieving revision 1.189
diff -u -r1.189 asterisk.c
--- asterisk.c 1 Nov 2005 21:53:29 -0000 1.189
+++ asterisk.c 6 Nov 2005 00:59:23 -0000
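Review bot: The comment text that the added `echo` lines in the Makefile hunk write into asterisk.conf has two wording slips that every installed sample will carry: "other then root" should read "other than root", and the period after "any zap hardware" splits one sentence across two comment lines. `$(RUNUSER)` and `$(RUNGROUP)` are not defined anywhere in this hunk; if the Makefile does not set them elsewhere, the sample would show `;runuser = ` with an empty value, so a default or a literal example name would be safer. The recipe starts and continues outside the hunk.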
@@ -195,6 +195,10 @@
 char ast_config_AST_PID[AST_CONFIG_MAX_PATH];
 char ast_config_AST_SOCKET[AST_CONFIG_MAX_PATH];
 char ast_config_AST_RUN_DIR[AST_CONFIG_MAX_PATH];
+;char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH] = "\0";
+;char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH] = "\0";
+char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH];
+char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_PERMISSIONS[AST_CONFIG_MAX_PATH];
 char ast_config_AST_CTL_OWNER[AST_CONFIG_MAX_PATH] = "\0";
 char ast_config_AST_CTL_GROUP[AST_CONFIG_MAX_PATH] = "\0";
@@ -1820,6 +1824,15 @@
 }
 v = v->next;
 }
+ v = ast_variable_browse(cfg, "user");
+ while (v) {
+ if (!strcasecmp(v->name, "runuser")) {
+ ast_copy_string(ast_config_AST_RUN_USER, v->value, sizeof(ast_config_AST_RUN_USER));
+ } else if (!strcasecmp(v->name, "rungroup")) {
+ ast_copy_string(ast_config_AST_RUN_GROUP, v->value, sizeof(ast_config_AST_RUN_GROUP));
+ }
+ v = v->next;
+ }
 v = ast_variable_browse(cfg, "options");
 while(v) {
 /* verbose level (-v at startup) */
@@ -2048,6 +2061,10 @@
 ast_verbose("[ Reading Master Configuration ]");
 ast_readconfig();
+ if ((!rungroup) && !ast_strlen_zero(ast_config_AST_RUN_GROUP))
+ rungroup = ast_config_AST_RUN_GROUP;
+ if ((!runuser) && !ast_strlen_zero(ast_config_AST_RUN_USER))
+ runuser = ast_config_AST_RUN_USER;
 #ifndef __CYGWIN__
 if (!is_child_of_nonroot && ast_set_priority(option_highpriority)) {
@@ -2065,6 +2082,10 @@
 ast_log(LOG_WARNING, "Unable to setgid to %d (%s)\n", gr->gr_gid, rungroup);
 exit(1);
 }
+ if (setgroups(0, NULL)) {
+ ast_log(LOG_WARNING, "Unable to drop unneeded groups\n");
+ exit(1);
+ }
 if (option_verbose)
 ast_verbose("Running as group '%s'\n", rungroup);
 }
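Review bot: The two added lines in the -195 hunk that begin with `;char` look like leftovers of a commented-out draft and should be removed. The leading `;` is an empty declaration at file scope, which ISO C does not allow (compilers accept it as an extension), and each array then ends up declared twice. Keeping only `char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH];` and `char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH];` is enough, because file-scope arrays are zero-initialised and the `ast_strlen_zero()` tests added in the -2048 hunk then see an empty string.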
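Review bot: A misspelled key in the new `[user]` loop of the -1820 hunk is skipped without any message, so an administrator who mistypes `runuser` gets a daemon that keeps its start-up identity with no indication why. Consider a final branch such as `} else { ast_log(LOG_WARNING, "Unknown keyword '%s' in [user]\n", v->name); }`, provided logging is usable at this point in the config reader, which the hunk does not show. The two copies are bounded by `sizeof` of the destination, so an over-long name is truncated rather than written past the buffer. The enclosing function starts and ends outside the hunk.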
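Review bot: The precedence between the existing `runuser`/`rungroup` values and the new configuration fallback in the -2048 hunk is not stated where it is decided. A one-line comment above the two `if`s would do, for example `/* Values already set (presumably from the command line) win; otherwise use [user] from asterisk.conf */`; the origin of the earlier values is outside this hunk, so adjust the wording to match. The extra parentheses around `!rungroup` and `!runuser` can also go.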
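Review bot: The new `setgroups(0, NULL)` call in the -2065 hunk appears to sit inside the block that handles `rungroup`, so as far as this hunk shows, a configuration that sets only `runuser` would switch user while keeping the supplementary groups of the starting account (typically root's). The user-switch code is outside the hunk, so this needs checking there; clearing the list whenever either `runuser` or `rungroup` is set would close the gap. The failure message would also be more useful with the cause, `ast_log(LOG_WARNING, "Unable to drop unneeded groups: %s\n", strerror(errno));`. An empty group list also means that extra groups the target account belongs to are not applied, which is consistent with the new asterisk.conf comment about device ownership.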