1 |
Hi, |
2 |
|
3 |
In some ways not unlike the discussion around users being installed and |
4 |
later updated ... so I'm guessing I'm going to have varied opinions and |
5 |
feedback on this potentially. Ironically, asterisk was one of those |
6 |
users that had it's home folder (correctly) adjusted from |
7 |
/var/lib/asterisk to /dev/null. |
8 |
|
9 |
In this case: |
10 |
|
11 |
1. I would like to update where asterisk stores astdb (partially for |
12 |
security reasons); |
13 |
2. And on existing installs, /var/{lib,spool}/asterisk may well have |
14 |
what I consider to be insecure ownership and permissions. |
15 |
|
16 |
I have some ideas about the former (below), the latter I have no ideas |
17 |
about. |
18 |
|
19 |
There used to be a "fix permissions" script in the asterisk init script |
20 |
(that was considered to be a security vulnerability, and was removed, |
21 |
not to mention that it didn't exactly set same to be as secure as it can |
22 |
be, and there are legitimate reasons to not use the strictest possible |
23 |
permissions on *some* of the folders beneath both these locations, but |
24 |
most of them should be root:root, and root:asterisk in specific cases, |
25 |
and only in a very few cases asterisk:root possibly). Suggestions on |
26 |
fixing these permissions if (and only if) they were unmodified by the |
27 |
user. And making sure the user is aware of these. |
28 |
|
29 |
Re the former: https://bugs.gentoo.org/761442 relates. |
30 |
|
31 |
History: |
32 |
|
33 |
asterisk project simply used to install everything as |
34 |
asterisk:asterisk. Config files, resource files, everything, |
35 |
irrespective of whether or not runtime required write access or not (I |
36 |
think the exception was the binary and module libraries). This was from |
37 |
upstream project. Myself and a few others started upsetting the apple |
38 |
cart with things like "why are audio files installed writeable by |
39 |
asterisk?". Upstream caught onto this and started fixing some things up |
40 |
(I don't have references, but things have definitely changed). |
41 |
|
42 |
Bottom line: |
43 |
|
44 |
/var/lib/asterisk used to be installed as asterisk:root, 750. |
45 |
|
46 |
It's now being installed as root:root 755 (I'd prefer root:asterisk 750 |
47 |
personally) |
48 |
|
49 |
There are only two pieces of information inside /var/lib/asterisk that |
50 |
needs to (potentially) be writeable by asterisk. |
51 |
|
52 |
1. astdb.sqlite3 (and it's -journal file which doesn't always exist) |
53 |
2. coredump/ folder (only required if configured to core dump). |
54 |
|
55 |
The latter is a non-issue since this folder is specifically installed |
56 |
asterisk:root. |
57 |
|
58 |
astdb is a problem, since in order to create the -journal file I need to |
59 |
give write access to asterisk to the folder (which I'd prefer to not do). |
60 |
|
61 |
Disclaimer: Depending on what you're doing there might be motivation to |
62 |
have a few extra specific locations writeable by asterisk beneath |
63 |
/var/lib/asterisk (we do have that, but this should be an explicit |
64 |
action by the administrator in my opinion, if I could I'd install |
65 |
everything there as root:root - which is just about the case currently). |
66 |
|
67 |
What I'd rather prefer to do is to create an additional asterisk:root |
68 |
astdb folder beneath /var/lib/asterisk and have asterisk use that for |
69 |
astdb. This is easy enough to configure, and even to update the default |
70 |
config files. |
71 |
|
72 |
But what to do with existing installations? A person would need to "opt |
73 |
in" to this change by way of etc-update I guess (I'll keep a ::gentoo |
74 |
patch to basically enable the [directories] section, and to set astdbdir |
75 |
= /var/lib/asterisk/astdb by default). But unless the person modified |
76 |
asterisk.conf (entirely possible, generally you don't need to customize |
77 |
this config file) that will auto update this file. And on next asterisk |
78 |
restart the person will lose his existing astdb.sqlite3 file. |
79 |
|
80 |
So ... I could check for /var/lib/asterisk/astdb.sqlite3 in init script |
81 |
... but if the user opted out of te config update ... moving the file |
82 |
here (which is a bad idea in my opinion anyway) is a terrible idea. Not |
83 |
moving the file will simply result in asterisk creating a new |
84 |
astdb.sqlite3 file in the new folder - which carries risk if (and only |
85 |
if) the user cares about persistence in astdb (which my systems |
86 |
specifically don't, but some others do). By *default* nothing that |
87 |
asterisk itself stores into astdb requires persistence (but it is |
88 |
preferred, for example, if I REGISTER to asterisk, it is nice that it |
89 |
doesn't "forget" my registration over restarts or even reboots). |
90 |
|
91 |
At this point I'm inclined to put a big ewarn in the updated ebuilds in |
92 |
pkg_pretend, warning of this default config change (if you're updating |
93 |
from an older asterisk where the default was /var/lib/asterisk), |
94 |
installing the new folder and moving on with my life. Since all my |
95 |
installs already has /var/lib/asterisk/astdb on a ramdisk, I'm not |
96 |
affected, but I really would prefer to not catch users off guard. |
97 |
|
98 |
Currently new installs of asterisk is semi broken by default, easy to |
99 |
fix either by chown asterisk:root /var/lib/asterisk, or by install -d |
100 |
-oasterisk -groot -m0750 /var/lib/asterisk/astdb and simple (2 lines) |
101 |
config change to /etc/asterisk/asterisk.conf. |
102 |
|
103 |
Just looking for other possible approaches here. |
104 |
|
105 |
Migration is also easy enough: update config for new location, stop |
106 |
asterisk, mv the sqlite3 file, start asterisk. |
107 |
|
108 |
Kind Regards, |
109 |
Jaco |