IMO this is stupid and wrong. Disabling security is a terrible approach to fixing problems generally, – but particularly so when the real issue is more than likely a config problem.
Enough ranting though – I came to post about the resolution to just such a config problem.
After building a basic install of Asterisk 13.8 Certified on CentOS 7.2, I wasn't satisfied to run the included sysvinit script for startup when the entire balance of the system was initializing through systemd. I found that
/var/run/asteriskwouldn't cooperate with my initial attempts at writing a systemd script – after every reboot, it came back owned by root; ownership changes wouldn't stick. I learned from Jari Turkia this is due to
/var/runbeing a tmpfs – nothing there persists across reboot.
/usr/bin/mkdir, suppressing errors, and
/usr/bin/chown, but it's possible to do the same thing elegantly in a single line using
/bin/install– a handy trick I picked up from Paul.
With that and other help ,,, I was able to dial in a very nicely working systemd script to control my Asterisk installation. The config is after the jump.
After sorting the directory ownership and permissions, I also learned that I could allow additional users (e.g., my own login account) to use the Asterisk CLI without having to use sudo – there are a couple of config items that have to be changed to let this happen:
[files]stanza and its entry
- This changes the permissions on the
/var/run/asterisk/asterisk.ctlsocket node – necessary because a CLI user needs write access to the socket
/etc/asterisk/cli_permissions.conf, add an entry for the user or group you want to give permissions, along with the appropriate permissions.
- Since I'm my only user, I set group
wheelto have all rights, but you may need something more strict.