Asterisk As Non Root


Hello there. I am running Debian 8 on my server and I would like to run Asterisk as non-root. I did follow https://www.voip-info.org/wiki-Asterisk+non-root without any success. When I issue:

    root@PBX: ~ $ asterisk -U asterisk -G asterisk
    Privilege escalation protection disabled!
    See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details.
    Unable to access the running directory (Permission denied). Changing to '/' for compatibility.
    Asterisk already running on /var/run/asterisk/asterisk.ctl. Use 'asterisk -r' to connect.
    root@PBX: ~ $

Any ideas on how to fix that, please?

9 thoughts on - Asterisk As Non Root

  • Did you do the very first step:

    /etc/init.d/asterisk stop ?

    Did you do all the “chown” and “chmod” commands listed in those guidelines?

    Er, you can’t change to running as non-root without stopping the existing
    (started by root) service first…

    Show us the output of:

    # find / -name asterisk -exec ls -ld '{}' \;

    Antony.

  • The Asterisk package included with Debian already does that. Why not have a look at it?

    The options -U and -G are for the case of running Asterisk as root and having Asterisk change user and group afterwards. There are a number of options that only work that way (real-time priority, special socket permissions, IIRC).

    Alternatively you can use other means to change to that user (--chuid or start-stop-daemon or User: and Group: in a systemd service file, or whatever). And then you don’t need those options.

    Read that text. But it is irrelevant for your situation.

    /root is not accessible by the user asterisk. This is mostly harmless, but not if you want to have core files (see also -g) and maybe a few other minor things.

    Because you already ran that command before. Or already have the system copy of asterisk running. Or whatever.

    Reading error messages helps.

  • Hi. Here is the output of the command:

    root@pbx: ~ $ find / -name asterisk -exec ls -ld '{}' \;
    drwxr-xr-x 3 root root 4096 Apr 19 17:32 /usr/include/asterisk
    drwxr-x--- 3 asterisk asterisk 4096 Apr 19 17:32 /usr/lib/asterisk
    -rwxr-xr-x 1 root root 9719880 Apr 19 17:27 /usr/src/asterisk-11.25.1/main/asterisk
    drwxrwxr-x 3 1013 users 4096 Apr 19 16:56 /usr/src/asterisk-11.25.1/include/asterisk
    -rwxr-xr-x 1 root root 9719880 Apr 19 17:32 /usr/sbin/asterisk
    root@pbx: ~ $

  • Okay, those look reasonable to me – however I’m surprised at some which are missing:

    /var/log/asterisk
    /var/spool/asterisk
    /var/run/asterisk

    Did you *stop* Asterisk before trying to change it to run as non-root?

    I think Tzafrir Cohen’s comments are very well worth following.

    Antony.

  • Hi. Thanks a lot for your replies. I did stop the services and I did issue the “chown” and “chmod” commands listed in the guide. It is necessary to compile it, instead of using the apt-get version. What am I missing?

  • Let’s go back to basics for a moment – you say this is a Debian system – in my experience Debian already runs Asterisk as the “asterisk” user and not as root, so let’s see what you have.

    1. Start Asterisk (probably using “/etc/init.d/asterisk start”, or maybe
    “service asterisk start”)

    2. Check who it’s running as: “ps aux | grep asterisk”

    Antony.

  • root@PBX: /var/www/html $ /etc/init.d/asterisk start
    [ ok ] Starting asterisk (via systemctl): asterisk.service.
    root@PBX: /var/www/html $ ps aux | grep asterisk
    asterisk 1007 0.7 2.3 67128 23748 ? Ssl Apr19 8:49 /usr/sbin/asterisk -U asterisk -G asterisk
    root 4186 0.0 0.1 4192 1992 pts/0 S+ 17:30 0:00 grep asterisk
    root@PBX: /var/www/html $ /usr/sbin/asterisk –rx “sip show peers”
    Privilege escalation protection disabled!
    See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details.
    Asterisk already running on /var/run/asterisk/asterisk.ctl. Use 'asterisk -r' to connect.
    root@PBX: /var/www/html $

  • I’m somewhat puzzled that your root-user prompt is “$”
    instead of the more normal “#”, but never mind…

    So, the first column of that output shows you that asterisk is running as the user “asterisk”.

    On my Debian system I only have “-U asterisk” without the “-G asterisk”.

    …and the grep command was run by “root”

    Who does “ls -l” show you that file /var/run/asterisk/asterisk.ctl is owned by?

    On my machine it’s:

    srwxrwx--- 1 asterisk asterisk 0 Apr 11 10:32 /var/run/asterisk/asterisk.ctl

    Antony.


    There’s a good theatrical performance about puns on in the West End. It’s a play on words.

    Please reply to the list;
    please *don’t* CC me.

  • The output of ls -l is:

    root@pbx: ~ $ ls -l /var/run/asterisk/asterisk.ctl
    srwxr-xr-x 1 asterisk asterisk 0 Apr 20 19:47 /var/run/asterisk/asterisk.ctl
    root@pbx: ~ $
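
The checks requested across the thread (which user the daemon runs as, and who owns the control socket and the Asterisk directories) can be run in one pass. The script below is an added example, not part of any poster's message; the function names are hypothetical, and it assumes GNU stat and procps ps as shipped on Debian and a service account and group both named asterisk.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and procps ps, as on
# Debian, and a service account and group both named "asterisk".

# check_owner PATH USER GROUP: 0 = matches, 1 = wrong owner/group, 2 = missing.
check_owner() {
    path=$1 want="$2:$3"
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    got=$(stat -c '%U:%G' "$path")
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $path is $got, expected $want"
        return 1
    fi
    echo "OK       $path ($got, mode $(stat -c '%A' "$path"))"
}

# audit_paths USER GROUP PATH...: exit status = number of paths that failed.
audit_paths() {
    user=$1 group=$2
    shift 2
    failures=0
    for p in "$@"; do
        check_owner "$p" "$user" "$group" || failures=$((failures + 1))
    done
    return "$failures"
}

# daemon_users: distinct users owning processes whose command name is "asterisk".
# "root" in this list means the daemon has not dropped privileges.
daemon_users() {
    ps -o user= -C asterisk 2>/dev/null | sort -u
}

# The paths below are the ones named in the thread.
echo "asterisk process user(s): $(daemon_users | tr '\n' ' ')"
audit_paths asterisk asterisk \
    /var/run/asterisk/asterisk.ctl /var/run/asterisk \
    /var/log/asterisk /var/spool/asterisk /usr/lib/asterisk \
    || echo "$? path(s) need attention"
```

Run it as root so that stat can read every path; a MISSING line for a /var directory corresponds to the absence Antony noted in the find output.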