Noob question, but a good one. (It's actually Linux related!)
steve at betterlinux.com
Fri Apr 5 19:17:57 MDT 2013
Not a problem if you lock down apache to specific IPs :)
In fact, there are enough sip vulnerabilities from time to time that I put the phones themselves on either a private network (or controlled public netowork) or give them dyndns set ups and have a script auto update the iptables rules to those DNA names.
On Apr 5, 2013, at 7:02 PM, "S. Dale Morrey" <sdalemorrey at gmail.com> wrote:
> You know, that's a very good question that I've never explored. Can anyone
> chime in on that for me? Also is there a security problem with letting
> Apache own the config files for Asterisk?
> On Fri, Apr 5, 2013 at 7:29 PM, Jima <jima at beer.tclug.org> wrote:
>> On 2013-04-05 18:06, S. Dale Morrey wrote:
>>> Hey Pluggers,
>>> I've got a quick best practices question for you.
>>> I have asterisk installed and running as the asterisk user and apache
>>> installed and running as the apache user.
>>> I've got a new web interface that needs to execute some scripts to modify
>>> asterisk dialplans, tell asterisk to reload itself, etc.
>>> Would it be best to add asterisk to the apache group, apache to the
>>> asterisk group, both of the above or something else?
>> Is there a reason Asterisk needs to be able to write to the tree? As
>> long as it can read the configuration files, you don't really need to
>> muck around with group ownership. Personally, I'd just grant the apache
>> user the ability to reload Asterisk via sudo, and let it own the configs.
More information about the PLUG