diff options
author | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2005-11-08 00:30:29 +0000 |
---|---|---|
committer | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2005-11-08 00:30:29 +0000 |
commit | 2be61d8a22bce5413662fffe0a3098f4060b31d3 (patch) | |
tree | 3372362596a5638628cb8fba3c4d310359cf841b | |
parent | d26d4447c40e0ccd0cb970f0a35033f21c89ffa3 (diff) |
issue #5621
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@7004 f38db490-d61c-443f-a65b-d21fe96a405b
-rwxr-xr-x | ChangeLog | 2 | ||||
-rwxr-xr-x | asterisk.c | 16 | ||||
-rwxr-xr-x | doc/README.asterisk.conf | 3 |
3 files changed, 21 insertions, 0 deletions
@@ -1,5 +1,7 @@ 2005-11-07 Kevin P. Fleming <kpfleming@digium.com> + * asterisk.c: support 'runuser' and 'rungroup' options in asterisk.conf (issue #5621) + * res/Makefile, apps/Makefile, channels/Makefile, Makefile: support WITHOUT_ZAPTEL define to forcibly avoid building Zaptel support (issue #5634) * Makefile: various fixes (issue #5633) diff --git a/asterisk.c b/asterisk.c index 71aef7d45..dab5c5342 100755 --- a/asterisk.c +++ b/asterisk.c @@ -194,6 +194,8 @@ char ast_config_AST_KEY_DIR[AST_CONFIG_MAX_PATH]; char ast_config_AST_PID[AST_CONFIG_MAX_PATH]; char ast_config_AST_SOCKET[AST_CONFIG_MAX_PATH]; char ast_config_AST_RUN_DIR[AST_CONFIG_MAX_PATH]; +char ast_config_AST_RUN_USER[AST_CONFIG_MAX_PATH]; +char ast_config_AST_RUN_GROUP[AST_CONFIG_MAX_PATH]; char ast_config_AST_CTL_PERMISSIONS[AST_CONFIG_MAX_PATH]; char ast_config_AST_CTL_OWNER[AST_CONFIG_MAX_PATH] = "\0"; char ast_config_AST_CTL_GROUP[AST_CONFIG_MAX_PATH] = "\0"; @@ -1885,6 +1887,12 @@ static void ast_readconfig(void) { } else if ((sscanf(v->value, "%lf", &option_maxload) != 1) || (option_maxload < 0.0)) { option_maxload = 0.0; } + /* What user to run as */ + } else if (!strcasecmp(v->name, "runuser")) { + ast_copy_string(ast_config_AST_RUN_USER, v->value, sizeof(ast_config_AST_RUN_USER)); + /* What group to run as */ + } else if (!strcasecmp(v->name, "rungroup")) { + ast_copy_string(ast_config_AST_RUN_GROUP, v->value, sizeof(ast_config_AST_RUN_GROUP)); } v = v->next; } @@ -2047,6 +2055,10 @@ int main(int argc, char *argv[]) ast_verbose("[ Reading Master Configuration ]"); ast_readconfig(); + if ((!rungroup) && !ast_strlen_zero(ast_config_AST_RUN_GROUP)) + rungroup = ast_config_AST_RUN_GROUP; + if ((!runuser) && !ast_strlen_zero(ast_config_AST_RUN_USER)) + runuser = ast_config_AST_RUN_USER; #ifndef __CYGWIN__ if (!is_child_of_nonroot && ast_set_priority(option_highpriority)) { @@ -2064,6 +2076,10 @@ int main(int argc, char *argv[]) ast_log(LOG_WARNING, "Unable to setgid to %d (%s)\n", gr->gr_gid, rungroup); exit(1); } + if (setgroups(0, NULL)) { + ast_log(LOG_WARNING, "Unable to drop unneeded groups\n"); + exit(1); + } if (option_verbose) ast_verbose("Running as group '%s'\n", rungroup); } diff --git a/doc/README.asterisk.conf b/doc/README.asterisk.conf index d2d8befcd..953ad5597 100755 --- a/doc/README.asterisk.conf +++ b/doc/README.asterisk.conf @@ -49,6 +49,9 @@ nocolor = yes | no ; Disable ANSI colors (-n) dumpcore = yes | no ; Dump core on failure (-g) quiet = yes | no ; Run quietly (-q) timestamp = yes | no ; Force timestamping on log entries to console (-T) +user = asterisk ; User to run asterisk as (-U) NOTE: will require changes to + ; directory and device permisions +group = asterisk ; Group to run asterisk as (-G) ;These options have no command line equivalent cache_record_files = yes | no ; Cache record() files in another directory until completion |