IMO this is stupid and wrong. Disabling security is a terrible approach to fixing problems generally – but particularly so when the real issue is more than likely a config problem.
Enough ranting though – I came to post about the resolution to just such a config problem.
After building a basic install of Asterisk 13.8 Certified on CentOS 7.2, I wasn't satisfied to run the included sysvinit script for startup when the entire balance of the system was initializing through systemd. I found that /var/run/asterisk wouldn't cooperate with my initial attempts at writing a systemd script – after every reboot, it came back owned by root; ownership changes wouldn't stick. I learned from Jari Turkia this is due to /var/run being a tmpfs – nothing there persists across reboot.
/usr/bin/mkdir, suppressing errors, and /usr/bin/chown, but it's possible to do the same thing elegantly in a single line using /bin/install – a handy trick I picked up from Paul.
With that and other help, I was able to dial in a very nicely working systemd script to control my Asterisk installation. The config is after the jump.
After sorting the directory ownership and permissions, I also learned that I could allow additional users (e.g., my own login account) to use the Asterisk CLI without having to use sudo – there are a couple of config items that have to be changed to let this happen:
- [files] stanza and its entry
  - This changes the permissions on the /var/run/asterisk/asterisk.ctl socket node – necessary because a CLI user needs write access to the socket.
- In /etc/asterisk/cli_permissions.conf, add an entry for the user or group you want to give permissions, along with the appropriate permissions.
  - Since I'm my only user, I set group wheel to have all rights, but you may need something more strict.
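The two changes described above could look like the following. This is an added example, not the author's files: it assumes the [files] stanza sits in /etc/asterisk/asterisk.conf as in a stock install, that the daemon runs as user asterisk, and it uses a hypothetical admin account named pbxadmin in the stricter variant.

```ini
; Added example with constructed values, not the author's configuration.

; --- /etc/asterisk/asterisk.conf ---
[files]
; Owner and group may read/write the control socket; everyone else gets nothing.
astctlpermissions = 0660
; Assumption: the daemon runs as user "asterisk".
astctlowner = asterisk
; Members of this group can open the socket with "asterisk -r" without sudo.
astctlgroup = wheel
; Socket name, created under /var/run/asterisk/.
astctl = asterisk.ctl

; --- /etc/asterisk/cli_permissions.conf: permissive variant (single-admin box) ---
[general]
; Users with no matching section below may run any CLI command.
default_perm = permit

; A leading "@" marks a local group rather than a user.
[@wheel]
permit = all

; --- /etc/asterisk/cli_permissions.conf: stricter variant ---
; Use in place of the permissive block above. Socket access still comes from
; membership in the astctlgroup; these rules only limit which commands run.
;
;[general]
;default_perm = deny
;
; Rules are read in the order written: deny everything, then allow only
; commands that start with the listed prefixes.
;[@wheel]
;deny = all
;permit = core show
;permit = sip show
;
; Per-user rules override group rules. "pbxadmin" is a hypothetical account
; that must also belong to wheel to reach the socket.
;[pbxadmin]
;permit = all
```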
The working config:
Description=Asterisk PBX and telephony daemon
ExecStartPre=/bin/install -m 755 -o asterisk -g asterisk -d /var/run/asterisk/
ExecStop=/usr/sbin/asterisk -rx 'core stop now'
ExecReload=/usr/sbin/asterisk -rx 'core reload'
# safe_asterisk emulation
- Handling /var/run with systemd – Jari Turkia, Hacker's ramblings blog
- How folders created in /var/run on each reboot – Paul on askubuntu.com
- Getting Started with systemd – CoreOS documentation
- install(1) - Linux man page – die.net Linux man pages
- systemd: permission issue with mkdir & ExecStartPre – Matt on Unix StackExchange
- Asterisk – permissions and ownership for the socket console – Leonardo Rizzi, deepreflect.net networks
- Asterisk documentation – cli_permissions.conf