Attachment #447888 for bug #594964

View | Details | Raw Unified | Return to bug 594964
Collapse All | Expand All





	if [ -n "${ASTERISK_USER}" ]; then
		ast_user="${ASTERISK_USER%%:*}"
		if [[ "${ASTERISK_USER}" = *:* ]]; then
			ast_group="${ASTERISK_USER#*:}"
			ast_group="${ast_group%%:*}"
		else
			ast_group=""
		fi

		[ -z "${ast_user}" ] && ast_user=root
		[ -n "${ast_group}" ] && ast_prim_group="${ast_group}" || ast_prim_group="$(getent group $(getent passwd "${ast_user}" | awk -F: '{ print $4 }') | sed -re 's/:.*//')"
	fi

	[ -z "${ast_user}" ] && ast_user=root
	[ -z "${ast_prim_group}" ] && ast_prim_group=root

	return 0
}

	setup_svc_variables

	local path
	checkpath -d -m 0755 -o ${ast_user}:${ast_prim_group} "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}"
	for path in "${ast_rundir}" "${ast_spooldir}" "${ast_logdir}"; do
		ebegin "Checking ${path}"
		find "${path}" ! -user "${ast_user}" | while read element; do

		if [ -n "${ASTERISK_CORE_DIR}" ] && \
		   [ ! -d "${ASTERISK_CORE_DIR}" ]
		then
			checkpath -d -m 0755 -o ${ast_user}:${ast_prim_group} "${ASTERISK_CORE_DIR}"
		fi
		ASTERISK_CORE_DIR="${ASTERISK_CORE_DIR:-/tmp}"


	fi
	OPTS="${OPTS} -U ${ast_user}"

	if ! getent group "${ast_prim_group}" &>/dev/null; then
		eerror "Requested to run asterisk with group ${ast_prim_group}, which doesn't exist."
		return 1
	fi
	[ -n "${ast_group}" ] && OPTS="${OPTS} -G ${ast_group}"
	
	if [ "${ast_user}" = root ]; then
		ewarn "Starting asterisk as root is not recommended (SERIOUS SECURITY CONSIDERATIONS)."
	elif [ "${ast_prim_group}" = root ]; then
		ewarn "Starting asterisk with group root is not recommended (SERIOUS SECURITY CONSIDERATIONS)."
	fi

	checkpath -d -m 0755 -o "${ast_user}:${ast_prim_group}" "${ast_logdir}" "${ast_rundir}"
	einfo "Starting asterisk as      : ${ast_user}:${ast_group:-${ast_prim_group} (+supplementaries)}"
	asterisk_run_loop ${OPTS} 2>&1 | logger -t "wrapper:${ast_instancename}" &
	result=$?


Return to bug 594964

Lines 53-66 Link Here

(-)asterisk.orig (-12 / +17 lines)
53		53
54	if [ -n "${ASTERISK_USER}" ]; then	54	if [ -n "${ASTERISK_USER}" ]; then
55	ast_user="${ASTERISK_USER%%:*}"	55	ast_user="${ASTERISK_USER%%:*}"
56	ast_group="${ASTERISK_USER#*:}"	56	if [[ "${ASTERISK_USER}" = : ]]; then
57	ast_group="${ast_group%%:*}"	57	ast_group="${ASTERISK_USER#*:}"
		58	ast_group="${ast_group%%:*}"
		59	else
		60	ast_group=""
		61	fi
		62
58	[ -z "${ast_user}" ] && ast_user=root	63	[ -z "${ast_user}" ] && ast_user=root
59	[ -z "${ast_group}" ] && ast_group="$(getent group $(getent passwd "${ast_user}" \| awk -F: '{ print $4 }') \| sed -re 's/:.*//')"	64	[ -n "${ast_group}" ] && ast_prim_group="${ast_group}" \|\| ast_prim_group="$(getent group $(getent passwd "${ast_user}" \| awk -F: '{ print $4 }') \| sed -re 's/:.*//')"
60	fi	65	fi
61		66
62	[ -z "${ast_user}" ] && ast_user=root	67	[ -z "${ast_user}" ] && ast_user=root
63	[ -z "${ast_group}" ] && ast_group=root	68	[ -z "${ast_prim_group}" ] && ast_prim_group=root
64		69
65	return 0	70	return 0
66	}	71	}
Lines 69-75 Link Here
69	setup_svc_variables	74	setup_svc_variables
70		75
71	local path	76	local path
72	checkpath -d -m 0755 -o ${ast_user}:${ast_group} "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}"	77	checkpath -d -m 0755 -o ${ast_user}:${ast_prim_group} "${ast_logdir}" "${ast_rundir}" "${ast_spooldir}"
73	for path in "${ast_rundir}" "${ast_spooldir}" "${ast_logdir}"; do	78	for path in "${ast_rundir}" "${ast_spooldir}" "${ast_logdir}"; do
74	ebegin "Checking ${path}"	79	ebegin "Checking ${path}"
75	find "${path}" ! -user "${ast_user}" \| while read element; do	80	find "${path}" ! -user "${ast_user}" \| while read element; do
Lines 186-192 Link Here
186	if [ -n "${ASTERISK_CORE_DIR}" ] && \	191	if [ -n "${ASTERISK_CORE_DIR}" ] && \
187	[ ! -d "${ASTERISK_CORE_DIR}" ]	192	[ ! -d "${ASTERISK_CORE_DIR}" ]
188	then	193	then
189	checkpath -d -m 0755 -o ${ast_user}:${ast_group} "${ASTERISK_CORE_DIR}"	194	checkpath -d -m 0755 -o ${ast_user}:${ast_prim_group} "${ASTERISK_CORE_DIR}"
190	fi	195	fi
191	ASTERISK_CORE_DIR="${ASTERISK_CORE_DIR:-/tmp}"	196	ASTERISK_CORE_DIR="${ASTERISK_CORE_DIR:-/tmp}"
192		197
Lines 248-267 Link Here
248	fi	253	fi
249	OPTS="${OPTS} -U ${ast_user}"	254	OPTS="${OPTS} -U ${ast_user}"
250		255
251	if ! getent group "${ast_group}" &>/dev/null; then	256	if ! getent group "${ast_prim_group}" &>/dev/null; then
252	eerror "Requested to run asterisk with group ${ast_group}, which doesn't exist."	257	eerror "Requested to run asterisk with group ${ast_prim_group}, which doesn't exist."
253	return 1	258	return 1
254	fi	259	fi
255	OPTS="${OPTS} -G ${ast_group}"	260	[ -n "${ast_group}" ] && OPTS="${OPTS} -G ${ast_group}"
256		261
257	if [ "${ast_user}" = root ]; then	262	if [ "${ast_user}" = root ]; then
258	ewarn "Starting asterisk as root is not recommended (SERIOUS SECURITY CONSIDERATIONS)."	263	ewarn "Starting asterisk as root is not recommended (SERIOUS SECURITY CONSIDERATIONS)."
259	elif [ "${ast_group}" = root ]; then	264	elif [ "${ast_prim_group}" = root ]; then
260	ewarn "Starting asterisk with group root is not recommended (SERIOUS SECURITY CONSIDERATIONS)."	265	ewarn "Starting asterisk with group root is not recommended (SERIOUS SECURITY CONSIDERATIONS)."
261	fi	266	fi
262		267
263	checkpath -d -m 0755 -o "${ast_user}:${ast_group}" "${ast_logdir}" "${ast_rundir}"	268	checkpath -d -m 0755 -o "${ast_user}:${ast_prim_group}" "${ast_logdir}" "${ast_rundir}"
264	einfo "Starting asterisk as : ${ast_user}:${ast_group}"	269	einfo "Starting asterisk as : ${ast_user}:${ast_group:-${ast_prim_group} (+supplementaries)}"
265	asterisk_run_loop ${OPTS} 2>&1 \| logger -t "wrapper:${ast_instancename}" &	270	asterisk_run_loop ${OPTS} 2>&1 \| logger -t "wrapper:${ast_instancename}" &
266	result=$?	271	result=$?
267		272