Noob question, but a good one. (It's actually Linux related!)

S. Dale Morrey sdalemorrey at gmail.com
Fri Apr 5 19:02:36 MDT 2013


You know, that's a very good question that I've never explored.  Can anyone
chime in on that for me?  Also is there a security problem with letting
Apache own the config files for Asterisk?


On Fri, Apr 5, 2013 at 7:29 PM, Jima <jima at beer.tclug.org> wrote:

> On 2013-04-05 18:06, S. Dale Morrey wrote:
> > Hey Pluggers,
> >
> > I've got a quick best practices question for you.
> >
> > I have asterisk installed and running as the asterisk user and apache
> > installed and running as the apache user.
> >
> > I've got a new web interface that needs to execute some scripts to modify
> > asterisk dialplans, tell asterisk to reload itself, etc.
> >
> > Would it be best to add asterisk to the apache group, apache to the
> > asterisk group, both of the above or something else?
>
>   Is there a reason Asterisk needs to be able to write to the tree?  As
> long as it can read the configuration files, you don't really need to
> muck around with group ownership.  Personally, I'd just grant the apache
> user the ability to reload Asterisk via sudo, and let it own the configs.
>
>       Jima
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list