[Freeswitch-users] ulimit question

Bote Man bote_radio at botecomm.com
Sun Jan 17 23:13:49 MSK 2016


On Debian the best practice is to start FreeSWITCH as root, but specify ‘–u freeswitch’ on its command line. This allows FS to claim the resources it needs at start time, then drop privileges to user freeswitch once that is done so it gets the best of both worlds without compromising security. At least this is my understanding; I could be wrong, so please correct me. I discovered this while thrashing through the best unit file for systemd, which is now the preferred init method on more and more distributions.

 

Also, it might be worth checking log files and directories (and others) to ensure that user freeswitch still has write access to them now that it is no longer running with root privs. This has bitten many who build FS, then start it as root to test, then run it in production as user freeswitch where it can’t access its database nor log directories due to permissions problems.

 

 

---

Bote

 

FreeSWITCH Docs Janitor

 <http://freeswitch.org/confluence> http://freeswitch.org/confluence

 

 

 

 

From: John Nash
Sent: Sunday, 17 January, 2016 14:36
Subject: Re: [Freeswitch-users] ulimit question

 

I am getting following messages while CPU is low
2016-01-17 14:25:46.600672 [CRIT] switch_core_session.c:1762 Thread Failure!
2016-01-17 14:25:46.600672 [CRIT] switch_core_session.c:1718 LUKE: I'm hit, but not bad.
2016-01-17 14:25:46.600672 [CRIT] switch_core_session.c:1719 LUKE'S VOICE: Artoo, see what you can do with it. Hang on back there....

I ran same tests before with same config on same hardware when i was running freeswitch as user root but today I switched to init script and decided to run with user "freeswitch" and faced errors. 

 

 

On Mon, Jan 18, 2016 at 1:00 AM, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:

 

 

On Sun, Jan 17, 2016 at 8:26 PM, John Nash <john.nash778 at gmail.com> wrote:

I am using init script in cent OS (supplied with the code) and running freeswitch under user "freeswitch". During testing I faced issues with number of processes limit.

 

Are you sure you have problems with processes limit? Why? Eg: what are the syntoms that makes you think that?

 

 





 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160117/ff7fb319/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list