Tony,

As you are aware I'm running multiple asterisk instances on the same physical, to prevent problems each instance is running as a different user. I'd like to share files such as those under /var/lib/asterisk/{moh,sounds}. These files are currently installed owned asterisk:asterisk, mode 660 for files, and 770 for directories. I can't see that asterisk itself has any need to (normally) write to these locations. I also install a /uls/ under each of those where both apache and asterisk have write access to enable user-uploads of sounds/recordings/moh and this works (going to need to tweak that process a bit now too).

However, for easier maintenance I'm utilizing symlinks to clone the core files from /var/lib/asterisk/* into /var/lib/asterisk.${instance}/ (full clone of folders, files are linked). The "other" (non-core) instances are now (due to them not running as asterisk:asterisk) unable to access those files.

Since asterisk shouldn't ordinarily need to write to these locations my suggestion is to install the files and folders under /var/lib/asterisk/{sounds,moh}/ as root:root with perms 755 for folders, and 644 for files. A manual chown/chmod of the affected folders/files on one of my systems resolved the problem for us.

Reproducible: Always
If I could have this as a patch to the current ebuild, it will be in the next Asterisk release. Or, if urgent, on an -r1. Let me know.
Created attachment 383910 asterisk-11.11.0-ebuild-config-files-as-root.patch

Hi Tony, I forgot about this. Similar arguments apply for the config files, bitten me three times now, so I came digging again. Attaching a patch for asterisk itself so long, will cook patches for the other ebuilds mentioned in a second.
Created attachment 383912 asterisk-core-sounds-1.4.22-ebuild-root-owned.patch
Created attachment 383914 astersik-extra-sounds-1.4.22-ebuild-root-owned.patch
Created attachment 383916 asterisk-moh-opsound-3.02-ebuild-root-owned.patch
That covers it. Looks like the core asterisk build creates the sounds and moh folders as root anyway, so that's all good. It's just the three ebuilds that install into them incorrectly, and then the config files that are currently giving me problems. No rush, next release inclusion would be adequate.
+*asterisk-11.13.0 (29 Sep 2014) + + 29 Sep 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.10.2.ebuild, + +asterisk-11.13.0.ebuild: + Additional resilience against invalid (ao2) object references. FORTIFY_SOURCE + fix now upstream. Modify permissions to suit a multi-daemon setup as per Jaco + Kroon in bug #507894.
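Review bot: the line "Modify permissions to suit a multi-daemon setup" does not say which paths change owner or mode, or in which direction. Since this alters ownership of installed files, naming the affected directories in the entry would let an admin check the result on an upgraded system without opening the bug.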
+*asterisk-12.6.0 (29 Sep 2014) + + 29 Sep 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.6.0.ebuild: + Additional resilience against invalid (ao2) object references. Now supports + empty passwords for PJSIP userpass authentication. Masquerade fixes for T38 + between PJSIP and non-PJSIP chanels. FORTIFY_SOURCE fix now upstream. Modify + permissions to suit a multi-daemon setup as per Jaco Kroon in bug #507894.
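Review bot: "chanels" in the T38 masquerade line of the 12.6.0 entry should read "channels". The permissions sentence here is also as terse as in the 11.13.0 entry and would benefit from listing the paths it touches.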
This was fixed a long time ago, but I never closed the bug.
Hi Tony,

Yes, the patch for asterisk 11.11.0 was applied (and may contain a bug):

# keep directories - diropts -m 0770 -o asterisk -g asterisk - keepdir /etc/asterisk + diropts -m 0770 -o asterisk asterisk keepdir /var/lib/asterisk keepdir /var/spool/asterisk keepdir /var/spool/asterisk/{system,tmp,meetme,monitor,dictate,voicemail}

We don't need the keepdir for /etc/asterisk (we install files into that folder so it's fine), and I suspect the same applies to /var/spool/asterisk (asterisk doesn't need to write to /var/spool/asterisk itself that I'm aware of) and /var/lib/asterisk (it needs write here for astdb - which I typically move into /var/lib/asterisk/astdb which resides on ramdisk).

However, you'll note I dropped the -g on the diropts there by accident.

The patches for asterisk-core-sounds, asterisk-extra-sounds and asterisk-moh-opsound have not been applied, and these have bitten me again recently. I'm thus re-opening here, you're welcome to indicate WONTFIX and I'll find another way (chown + chmod from another config script), but I'd prefer if we can fix this here.
(In reply to Jaco Kroon from comment #10)
> We don't need the keepdir for /etc/asterisk (we install files into that
> folder so it's fine)

Even with USE="-samples"?

> I suspect the same applies to /var/spool/asterisk

I have had grave voicemail setup issues without it.

> However, you'll note I dropped the -g on the diropts there by accident.

Can you obsolete the ebuild patch and do a new one that is guaranteed to apply?

> The patches for asterisk-core-sounds, asterisk-extra-sounds and
> asterisk-moh-opsound have not been applied, and these have bitten me again
> recently.

As long as they still apply I will pick them up for this bug.
Newest ebuilds contain these fixes.
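The ownership proposal in the opening report (directories 755, files 644, a single owner, with the /uls/ upload areas left writable) can be checked on an installed tree with a short audit. This is an added example, not code from the ebuilds or the attached patches; the function names and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the ebuilds. Checks the layout the report proposes:
# directories 0755, files 0644, one owner (root on a real system).
# Directories named "uls" are the upload areas that stay writable by design,
# so they are pruned from every check.

# audit_shared_tree DIR [OWNER]: print one line per problem, return 1 if any.
audit_shared_tree() {
    dir=$1
    owner=${2:-root}
    findings=$(
        find "$dir" -name uls -prune -o -type d ! -perm -005 -print |
            sed 's/^/dir-not-traversable /'
        find "$dir" -name uls -prune -o -type f ! -perm -004 -print |
            sed 's/^/file-not-readable /'
        find "$dir" -name uls -prune -o \( -type d -o -type f \) \
            \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/group-or-other-writable /'
        find "$dir" -name uls -prune -o \( -type d -o -type f \) \
            ! -user "$owner" -print | sed 's/^/wrong-owner /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# harden_shared_tree DIR: apply the proposed modes (chown is left to the admin).
harden_shared_tree() {
    find "$1" -name uls -prune -o -type d -exec chmod 755 {} +
    find "$1" -name uls -prune -o -type f -exec chmod 644 {} +
}

# make_demo_tree: constructed sample tree using the modes the report describes
# (770 directories, 660 files); prints its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/sounds/en" "$t/sounds/uls" "$t/moh"
    : > "$t/sounds/en/hello.gsm"
    : > "$t/moh/track.wav"
    : > "$t/sounds/uls/upload.wav"
    find "$t" -type d -exec chmod 770 {} +
    find "$t" -type f -exec chmod 660 {} +
    printf '%s\n' "$t"
}

if [ "$#" -gt 0 ]; then audit_shared_tree "$@"; fi
```

Symlinks in the per-instance clones are not checked, since access is decided by the mode and owner of the linked file.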