[Freeswitch-users] Run freeswitch with supplementary groups to solver permission problems
Mike Jerris
mike at freeswitch.com
Fri Aug 23 18:22:55 UTC 2019
freeswitch typically starts as root to set certain system settings then
drops perms to the -u and -g params passed. if you want to not drop perms
you don’t use -u and -g but then you need to make sure all that stuff is
set properly first. you will have to dig in code for everything we set but
there are things for the scheduler for sure that won’t work without right
perms in place at startup
On Fri, Aug 23, 2019 at 11:23 AM <stevie.holpp at web.de> wrote:
>
> Hey folks :-),
>
> first time I am here. Installed freeswitch a few months ago to receive and
> send faxes. But I had some "permission error" recently for receiving a fax
> unless I run freeswitch as root user. I tried to use the "
> *SUPPLEMENTARYGROUPS=*" setting in my systemd config file, but this
> didn't help.
>
> Basically the problem is this: I need freeswitch to write to some
> /var/spool/fax folder, and therefore I added the group "uucp" additionally
> to the user "freeswitch". So it's default group is the group "freeswitch",
> and "uucp" is a supplementary group of it.
> I however noticed that, the freeswitch process doesn't honor any
> supplementary groups, just the UID and the default group id. I verified
> this via the "ps" command:
>
>
> *root at jupiter:/tmp# ps -axo ppid,pid,uid,egid,supgid,cmd | grep
> freeswitch 1 2518 999 10 /usr/bin/freeswitch
> -u freeswitch -g uucp -ncwait -nonat*
>
> Why is this so? - is it the fault of freeswitch or of my systemd service
> configuration of freeswitch?
>
> cheers
> Steve
>
>
>
> I am running Debian buster and the latest release of freeswitch, so my
> systemd service config for freeswitch looked like that:
>
>
>
>
>
> *[Unit] Description=freeswitch Wants=network-online.target
> Requires=network.target local-fs.target After=network.target
> network-online.target local-fs.target*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *[Service] ; service Type=forking PIDFile=/run/freeswitch/freeswitch.pid
> Environment="DAEMON_OPTS=-nonat" Environment="USER=freeswitch"
> Environment="GROUP=freeswitch" EnvironmentFile=-/etc/default/freeswitch
> ExecStartPre=/bin/chown -R ${USER}:${GROUP} /var/lib/freeswitch
> /var/log/freeswitch /etc/freeswitch /usr/share/freeswitch
> /var/run/freeswitch ExecStart=/usr/bin/freeswitch -u ${USER} -g ${GROUP}
> -ncwait ${DAEMON_OPTS} TimeoutSec=45s Restart=always ; exec ;User=${USER}
> ;Group=${GROUP}*
>
>
> And I tried to add supplementary groups by adding:
>
> *"SupplementaryGroups=freeswitch uucp"*
> after "PIDFILE=" line.
>
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20190823/9a1af4fe/attachment.html>
More information about the FreeSWITCH-users
mailing list