[Freeswitch-users] freetdm dahdi permissions Debian - with debian packages installed.

Stefan Knoblich stkn at openisdn.net
Wed Jul 17 09:48:14 MSD 2013



On 07/17/13 03:16, Karl Schmidt wrote:
> On 07/16/2013 06:06 PM, Stefan Knoblich wrote:
> 
>> 
>> so you might want to check what the init script is doing
>> 
>> (to get the list of group ids of the running process:  grep Groups: /proc/`pidof freeswitch`/status)
>> 
> 
> I think you mean $ grep Gid /proc/pidof freeswitch/status

No, I don't. That one will only list the primary group. Your problem is with the missing supplemental groups
(= non-primary groups the user is a member of), like "dialout" in your case.

> and both uid and gid belong to freeswitch
> 
> Uid:    999     999     999     999
> Gid:    999     999     999     999
> 
> I'm puzzled by this - unless while freetdm is being configured it is running with a different group??
> 
> The command line:
> 
> # ps ax |grep free
>  2534 pts/0    S+     0:00 grep free
> 30110 ?        S<l    0:48 /usr/bin/freeswitch -u freeswitch -g freeswitch -nc -rp -nonat

That is what I've been talking about: _Don't_ use -g if you want to use any supplemental groups.

> My workaround has me going forward for now - but the issue has me scratching my head.
> 
> I would also recommend putting a note about adding freeswitch to the hardware device's group in /usr/share/doc/freeswitch-mod-freetdm/ in the freeswitch-mod-freetdm package.

Drop the -g freeswitch to make it run as uid:freeswitch, gid:freeswitch _and_ load all
the supplemental groups the freeswitch user is in (like dialout).

This is how it's supposed to be:

# pgrep -a freeswitch
488 /opt/freeswitch/bin/freeswitch -u freeswitch -nocal -nonat

# grep -E '(Uid|Gid|Groups):' /proc/`pidof freeswitch`/status
Uid:    103     103     103     103
Gid:    1001    1001    1001    1001
Groups: 20 1001

# grep -E ':(20|1001):' /etc/group
dialout:x:20:root,freeswitch,asterisk
freeswitch:x:1001:

Running as uid = 103 (freeswitch), gid = 1001 (freeswitch), with supplemental gid = 20 (dialout)

No mangling of device permissions required.




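Added example, not part of the original mail or of FreeSWITCH: a shell check that automates the comparison made by hand above, reporting group memberships a user has in a group file that are absent from a process's "Groups:" line. The function names and the sample data are constructed for illustration, and only local /etc/group-style entries are considered.

```shell
#!/bin/sh
# Added example (not from the mail or from FreeSWITCH). Function names are
# hypothetical; only local group-file entries are considered.

# expected_gids USER GROUPFILE: gids of groups that list USER as a member
expected_gids() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $3
    }' "$2"
}

# actual_gids STATUSFILE: gids on the "Groups:" line of /proc/PID/status
actual_gids() {
    awk '/^Groups:/ { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# missing_gids USER GROUPFILE STATUSFILE: memberships the process lacks
missing_gids() {
    have=$(actual_gids "$3")
    for g in $(expected_gids "$1" "$2"); do
        printf '%s\n' "$have" | grep -qx "$g" || printf '%s\n' "$g"
    done
}

# sample_check "GROUPS LINE": run the check on constructed data modelled on
# the values in the mail (uid 103, gid 1001, dialout = 20)
sample_check() {
    d=$(mktemp -d) || return 1
    printf 'dialout:x:20:root,freeswitch,asterisk\nfreeswitch:x:1001:\n' > "$d/group"
    printf 'Uid:\t103\t103\t103\t103\nGid:\t1001\t1001\t1001\t1001\nGroups:\t%s\n' "$1" > "$d/status"
    missing_gids freeswitch "$d/group" "$d/status"
    rm -rf "$d"
}

# Live use: missing_gids freeswitch /etc/group "/proc/$(pidof freeswitch)/status"
```

Empty output means every membership in the group file is present on the running process; any gid printed is a supplemental group that was not loaded.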


