IMO this is stupid and wrong. Disabling security is a terrible approach to fixing problems generally, – but particularly so when the real issue is more than likely a config problem.
Enough ranting though – I came to post about the resolution to just such a config problem.
Systemd config
After building a basic install of Asterisk 13.8 Certified on CentOS 7.2, I wasn't satisfied to run the included sysvinit script for startup when the entire balance of the system was initializing through systemd. I found that
/var/run/asterisk wouldn't cooperate with my initial attempts at writing a systemd script – after every reboot, it came back owned by root; ownership changes wouldn't stick. I learned from Jari Turkia[1] this is due to /var/run being a tmpfs – nothing there persists across reboot.Jari used
/usr/bin/mkdir, suppressing errors, and /usr/bin/chown, but it's possible to do the same thing elegantly in a single line using /bin/install – a handy trick I picked up from Paul.[2]With that and other help [3],[4],[5], I was able to dial in a very nicely working systemd script to control my Asterisk installation. The config is after the jump.
Asterisk config
After sorting the directory ownership and permissions, I also learned that I could allow additional users (e.g., my own login account) to use the Asterisk CLI without having to use sudo – there are a couple of config items that have to be changed to let this happen:
- In
/etc/asterisk/asterisk.conf, uncomment[files]stanza and its entryastctlpermissions[6] - This changes the permissions on the
/var/run/asterisk/asterisk.ctlsocket node – necessary because a CLI user needs write access to the socket - In
/etc/asterisk/cli_permissions.conf, add an entry for the user or group you want to give permissions, along with the appropriate permissions.[7] - Since I'm my only user, I set group
wheelto have all rights, but you may need something more strict.
