SOLVED Asterisk runs as root

Eddie Seelke · Jul 21, 2015

I have seen many posts here that say do not run asterisk as root.

But, can't find anything on how to run as user asterisk.

I followed the guide at http://nerdvittles.com/?p=14208. I made no changes, just followed the prompts. I tried this on Ubuntu with the Ubuntu guide as well and it also ran Asterisk as root.

So, if the script is installing Asterisk to run as root, how do I change it to run as asterisk?

Thanks, Eddie

Eddie Seelke · Jul 22, 2015

Code:

root@pbx:~ $ top
top - 14:24:06 up  2:32,  1 user,  load average: 0.00, 0.00, 0.00
Tasks: 130 total,  1 running, 129 sleeping,  0 stopped,  0 zombie
Cpu(s):  0.3%us,  0.0%sy,  0.0%ni, 99.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.7%st
Mem:  1020224k total,  700440k used,  319784k free,    44964k buffers
Swap:        0k total,        0k used,        0k free,  335376k cached
 
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
1839 root      20  0 1627m  71m  18m S  0.7  7.2  1:26.18 asterisk
    1 root      20  0 19356 1536 1224 S  0.0  0.2  0:00.45 init
    2 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kthreadd
    3 root      RT  0    0    0    0 S  0.0  0.0  0:00.00 migration/0
    4 root      20  0    0    0    0 S  0.0  0.0  0:00.14 ksoftirqd/0
    5 root      RT  0    0    0    0 S  0.0  0.0  0:00.00 stopper/0
    6 root      RT  0    0    0    0 S  0.0  0.0  0:00.00 watchdog/0
    7 root      20  0    0    0    0 S  0.0  0.0  0:00.49 events/0
    8 root      20  0    0    0    0 S  0.0  0.0  0:00.00 cgroup
    9 root      20  0    0    0    0 S  0.0  0.0  0:00.00 khelper
  10 root      20  0    0    0    0 S  0.0  0.0  0:00.00 netns
  11 root      20  0    0    0    0 S  0.0  0.0  0:00.00 async/mgr
  12 root      20  0    0    0    0 S  0.0  0.0  0:00.00 pm
  13 root      20  0    0    0    0 S  0.0  0.0  0:00.01 sync_supers
  14 root      20  0    0    0    0 S  0.0  0.0  0:00.01 bdi-default
  15 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kintegrityd/0
  16 root      20  0    0    0    0 S  0.0  0.0  0:00.15 kblockd/0

I did not change what user asterisk runs as. Honestly, I am not sure how to do that.

wardmundy · Jul 22, 2015

ps aux | grep asterisk

Eddie Seelke · Jul 22, 2015

root@pbx:~ $ ps aux | grep asterisk
root 1835 0.0 0.0 108200 672 ? S 11:52 0:00 /bin/sh /usr/sbin/safe_asterisk
root 1839 0.9 7.1 1666368 73324 ? Sl 11:52 1:33 /usr/sbin/asterisk -f -vvvg -c
asterisk 1844 0.0 3.1 481136 32364 ? S 11:52 0:01 /usr/sbin/httpd
asterisk 1845 0.0 4.5 495468 46364 ? S 11:52 0:02 /usr/sbin/httpd
asterisk 2460 0.0 4.0 490084 41324 ? S 11:54 0:02 /usr/sbin/httpd
asterisk 4360 0.0 4.5 496252 46880 ? S 12:18 0:00 /usr/sbin/httpd
root 14383 0.0 0.0 103252 840 pts/0 S+ 14:38 0:00 grep asterisk
WARNING: Always run Incredible PBX behind a secure hardware-based firewall.

chris_c_ · Jul 23, 2015

I second this. I've installed the IPBX 13-12 Ubuntu with the provided script, and asterisk is running as user root.
Shouldn't Asterisk be running as user asterisk so as to follow recommended ubuntu/linux security guidelines..
Mysql is running as user mysql.
Webmin, Apache, Fail2ban, Sendmail, and NRservice should also probably run as their own user, not root which is what they're currently running as.
Right?

I think asterisk and the rest are running as root because the install script was designed to build everything from source as root, compiled the code as the user root, all the binaries etc got output as belonging to root, so all ownership and permissions of the compiled binaries and scripts are probably set to root.

wardmundy · Jul 28, 2015

Eddie Seelke chris_c_:

Try this:

Code:

amportal kill
chown -R asterisk:asterisk /var/run/asterisk
sed -i '/END INIT INFO/a AST_USER="asterisk"\nAST_GROUP="asterisk"' /etc/init.d/asterisk
sed -i 's|exit 0|/usr/local/sbin/amportal restart\nexit 0|' /etc/rc.local
amportal restart

Eddie Seelke · Jul 28, 2015

That fixed it for me. I can see Asterisk is now running as asterisk and my voicemails now work in UCP.

FYI, prior to making the change, I checked the init file. Neither AST_USER="asterisk" or AST_GROUP="asterisk" was anywhere in that file.

chris_c_ · Jul 29, 2015

wardmundy said:
Eddie Seelke chris_c_:

Try this:

Code:

chown -R asterisk:asterisk /var/run/asterisk sed -i '/END INIT INFO/a AST_USER="asterisk"\nAST_GROUP="asterisk"' /etc/init.d/asterisk amportal restart

This worked.
I nominate this code be added to the ipbx installer script.
Because , same as Eddie, I installed iPBX 13-11 from the script, and ended up with the asterisk process running as user root, this is bad from a security standpoint.
While we're at it, shouldn't the other processes currently running as root, run as their own user...?
sshd,
cron,
pptpd,
fail2ban-server,
nrservice,
sshd,
apache2,
webmin ...?

wardmundy · Jul 29, 2015

chris_c_ said:
This worked.
I nominate this code be added to the ipbx installer script.

Already done.

As for running other processes as non-root user, the short answer is no.

mrlane · Sep 8, 2015

I seem to have the same issue. It's fixed if i amportal stop and amportal start, however, if I reboot asterisk is running as root again. And /var/run/asterisk is root:root ownership as well (after a reboot).

wardmundy · Sep 9, 2015

mrlane: After applying the fix above, here's the missing piece...

Code:

sed -i 's|;runuser|runuser|' /etc/asterisk/asterisk.conf
sed -i 's|;rungroup|rungroup|' /etc/asterisk/asterisk.conf
reboot

mrlane · Sep 9, 2015

wardmundy said:
mrlane: Here's the fix...

Code:

sed -i 's|;runuser|runuser|' /etc/asterisk/asterisk.conf sed -i 's|;rungroup|rungroup|' /etc/asterisk/asterisk.conf reboot

That's the ticket.
Thanks Ward! I really appreciate your prompt help!

wardmundy · Sep 9, 2015

Thank you, mrlane, for pointing out the problem.

ostridge · Oct 1, 2015

Ran the fixes but FOP2 fails to open ever since.
Tried a re-install of fop2 but still get the same server error msg that " The server encountered an internal error or misconfiguration and was unable to complete your request.
See - http://pbxinaflash.com/community/index.php?posts/113796/

gforce · Nov 5, 2015

@wardmundy
FYI, this is still an issue. I installed PiAF Black last week using the PiAF3 install guide on a Digital Ocean Droplet. Asterisk is still running as root.

wardmundy · Nov 5, 2015

Did you apply the fixes above??

FYI, @darmock.

gforce · Nov 5, 2015

oh, I will. Just letting you know that it is not on the installation scripts

gforce · Nov 6, 2015

Tried the fix tonight and it worked! Thanks, @wardmundy

.. Just for reference for anyone else... here's the code you need to run.

Code:

amportal kill
chown -R asterisk:asterisk /var/run/asterisk
sed -i '/END INIT INFO/a AST_USER="asterisk"\nAST_GROUP="asterisk"' /etc/init.d/asterisk
sed -i 's|exit 0|/usr/local/sbin/amportal restart\nexit 0|' /etc/rc.local
amportal restart
sed -i 's|;runuser|runuser|' /etc/asterisk/asterisk.conf
sed -i 's|;rungroup|rungroup|' /etc/asterisk/asterisk.conf
reboot

wardmundy · Nov 6, 2015

Thanks. Notifying @darmock.

darmock · Nov 6, 2015

Out of the depths of PIAF/Trixbox/Asterisk@home history there was a very good reason why asterisk was running as root..... Can't for the life of me remember why however. Will look back at some of the old archived stuff. That being said modern versions of asterisk may not need it. I will mod the new version of PIAF 4 with this however.

SOLVED Asterisk runs as root

New Member

New Member

Nerd Uno

New Member

Active Member

Nerd Uno

New Member

Active Member

Nerd Uno

New Member

Nerd Uno

New Member

Nerd Uno

Guru

New Member

Nerd Uno

New Member

New Member

Nerd Uno

PIAF Developer

Forum statistics