Asterisk As Non Root

Home » Asterisk Users » Asterisk As Non Root
Asterisk Users 9 Comments

hello there. i am running debian 8 in my swerver and i would like to run asterisk as non root. i did follow the https://www.voip-info.org/wiki-Asterisk+non-root without any success. when i issue root@PBX: ~ $ asterisk -U asterisk -G asterisk Privilege escalation protection disabled!
See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. Unable to access the running directory (Permission denied). Changing to ‘/’
for compatibility. Asterisk already running on /var/run/asterisk/asterisk.ctl. Use ‘asterisk
-r’ to connect. root@PBX: ~ $

any ideas on how to fix that please?

9 thoughts on - Asterisk As Non Root

  • Did you do the very first step:

    /etc/init.d/asterisk stop ?

    Did you do all the “chown” and “chmod” commands listed in those guidelines?

    Er, you can’t change to running as non-root without stopping the existing
    (started by root) service first…

    Show us the output of:

    # find / -name asterisk -exec ls -ld ‘{}’ \;

    Antony.

  • The Asterisk package included with Debian already does that. Why not have a look at it?

    The options -U and -G are for the case of running Asterisk as root and having Asterisk change user and group afterwards. There are a number of options that only work that way (real-time priority, special socket permissions, IIRC).

    Alternatively you can use other mans to change to that user (–chuid or start-stop-daemon or User: and Group: in a systemd service file, or whatever). And then you don’t need those options.

    Read that text. But it is irrelevant for your situation.

    /root is not accessible by the user asterisk. This is mostly harmless, but not if you want to have core files (see also -g) and maybe a few other minor things.

    Because you already ran that command before. Or already have the system copy of asterisk running. Or whatever.

    Reading error messages helps.

  • Hi. Here is the output of the command

    root@pbx: ~ $ find / -name asterisk -exec ls -ld ‘{}’ \;
    drwxr-xr-x 3 root root 4096 Apr 19 17:32 /usr/include/asterisk drwxr-x— 3 asterisk asterisk 4096 Apr 19 17:32 /usr/lib/asterisk
    -rwxr-xr-x 1 root root 9719880 Apr 19 17:27
    /usr/src/asterisk-11.25.1/main/asterisk drwxrwxr-x 3 1013 users 4096 Apr 19 16:56
    /usr/src/asterisk-11.25.1/include/asterisk
    -rwxr-xr-x 1 root root 9719880 Apr 19 17:32 /usr/sbin/asterisk root@pbx: ~ $

  • Okay, those look reasonable to me – however I’m surprised at some which are missing:

    /var/log/asterisk
    /var/spool/asterisk
    /var/run/asterisk

    Did you *stop* Asterisk before trying to change it to run as non-root?

    I think Tzafrir Cohen’s comments are very well worth following.

    Antony.

  • Hi. thanks a lot for your replies. I did stop the services and i did issued the the “chown” and “chmod” commands listed in the guide. It is necessary to compile it, instead if using the apt-get version What am i missing?

  • Let’s go back to basics for a moment – you say this is a Debian system – in my experience Debian already runs Asterisk as the “asterisk” user and not as root, so let’s see what you have.

    1. Start Asterisk (probably using “/etc/init.d/asterisk start”, or maybe
    “service asterisk start”)

    2. Check who it’s running as: “ps aux | grep asterisk”

    Antony.

  • root@PBX: /var/www/html $ /etc/init.d/asterisk start
    [ ok ] Starting asterisk (via systemctl): asterisk.service. root@PBX: /var/www/html $ ps aux | grep asterisk asterisk 1007 0.7 2.3 67128 23748 ? Ssl Apr19 8:49
    /usr/sbin/asterisk -U asterisk -G asterisk root 4186 0.0 0.1 4192 1992 pts/0 S+ 17:30 0:00 grep asterisk root@PBX: /var/www/html $ /usr/sbin/asterisk –rx “sip show peers”
    Privilege escalation protection disabled!
    See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. Asterisk already running on /var/run/asterisk/asterisk.ctl. Use ‘asterisk
    -r’ to connect. root@PBX: /var/www/html $

  • I’m somewhat puzzled that your root-user prompt is “$”
    instead of the more normal “#”, but never mind…

    So, the first column of that output shows you that asterisk is running as the user “asterisk”.

    On my Debian system I only have “-U asterisk” without the “-G asterisk”.

    …and the grep command was run by “root”

    Who does “ls -l” show you that file /var/run/asterisk/asterisk.ctl is owned by?

    On my machine it’s:

    srwxrwx— 1 asterisk asterisk 0 Apr 11 10:32 /var/run/asterisk/asterisk.ctl

    Antony.


    There’s a good theatrical performance about puns on in the West End. It’s a play on words.

    Please reply to the list;
    please *don’t* CC me.

  • the output of ls -l is root@pbx: ~ $ ls -l /var/run/asterisk/asterisk.ctl srwxr-xr-x 1 asterisk asterisk 0 Apr 20 19:47 /var/run/asterisk/asterisk.ctl root@pbx: ~ $

LEAVE A COMMENT