SOLVED New install on ubuntu and permission errors...

[Sean Hogan]

I reinstalled it, and did not install CSF.

I don't see any permissions errors.

 

[Sean Hogan]

wardmundy thank you very much for the time you put in on all this
This got me going after trying many other sites' instructions and tutorials out there
http://pbxinaflash.com/community/index.php?threads/piaf3-with-fedora-20.15090/

 

[Sean Hogan]

Now that it's installed and working, how do I 1) enable the operator panel and 2) enable caller ID trifecta the link is gone

 

[Sean Hogan]

After I logged in this morning Ubuntu updated with the script and the permission problems are back
Fresh install, nothing added.



Output of update attached

 

[howardsl2]

I understand that you have issues with PIAF on Ubuntu. If you want to try an alternative, see my PIAF 2 tutorial for CentOS. It has been tested and the install process should only take an hour or so.

 

[wardmundy]

Try this:

chown -R asterisk:asterisk /etc/asterisk
chown -R asterisk:asterisk /var/lib/asterisk
chown -R asterisk:asterisk /var/www/html
amportal restart

 

[Sean Hogan]

root@pbx2:~# chown -R asterisk:asterisk /etc/asterisk
chown: changing ownership of ‘/etc/asterisk/manager.conf.bak’: Operation not permitted
chown: changing ownership of ‘/etc/asterisk/manager_custom.conf’: Operation not permitted
chown: changing ownership of ‘/etc/asterisk/manager_additional.conf’: Operation not permitted
chown: changing ownership of ‘/etc/asterisk/manager.conf’: Operation not permitted
root@pbx2:~# chown -R asterisk:asterisk /var/lib/asterisk
root@pbx2:~# chown -R asterisk:asterisk /var/www/html
root@pbx2:~# amportal restart

 

[Sean Hogan]

root@pbx2:~# amportal restart
Please wait...
STOPPING ASTERISK
Waiting for Asterisk to Stop Gracefully...
All calls will be dropped once the timer hits 0. To cancel, press CTL-C
Waiting for Asterisk to Stop
Force stopping Asterisk and hanging up active channels
Waiting for Asterisk to Stop
Asterisk has still not stopped, killing Asterisk processes
safe_asterisk: no process found
Asterisk Stopped
SETTING FILE PERMISSIONS
chown: changing ownership of ‘/etc/asterisk/manager.conf.bak’: Operation not permitted
chown: changing ownership of ‘/etc/asterisk/manager_custom.conf’: Operation not permitted
chown: changing ownership of ‘/etc/asterisk/manager_additional.conf’: Operation not permitted
chown: changing ownership of ‘/etc/asterisk/manager.conf’: Operation not permitted
chmod: changing permissions of ‘/etc/asterisk/manager.conf.bak’: Operation not permitted
chmod: changing permissions of ‘/etc/asterisk/manager_custom.conf’: Operation not permitted
chmod: changing permissions of ‘/etc/asterisk/manager_additional.conf’: Operation not permitted
chmod: changing permissions of ‘/etc/asterisk/manager.conf’: Operation not permitted
chattr: Operation not supported while reading flags on /var/www/html/cxpanel
chattr: Operation not supported while reading flags on /var/www/html/provisioning
Permissions OK
Removing any dangling symlinks
Dangling symlinks removed
STARTING ASTERISK
Asterisk Started
root@pbx2:~#

 

[synack]

try this:
chattr -i /etc/asterisk/manager.conf
chown asterisk.asterisk /etc/asterisk/manager.conf.

and report any errors

 

[synack]

also separately run this:
lsattr /etc/asterisk/manager.conf

and report the response.

 

[Sean Hogan]

try this:
chattr -i /etc/asterisk/manager.conf
chown asterisk.asterisk /etc/asterisk/manager.conf.

and report any errors

root@pbx2:~# chattr -i /etc/asterisk/manager.conf
root@pbx2:~# chown asterisk.asterisk /etc/asterisk/manager.conf
root@pbx2:~#
No more errors.
All I changed was added IP FQDN to /etc/hosts and whitelisted Cloudflare (my DNS provider)

 

[Sean Hogan]

also separately run this:
lsattr /etc/asterisk/manager.conf

and report the response.

root@pbx2:~# lsattr /etc/asterisk/manager.conf
-------------e-- /etc/asterisk/manager.conf
root@pbx2:~#

 

[synack]

ok it looks like somewhere along the lines the "immutible" flag was enabled for those files you are getting errors on.
the flag needs to be removed as that prevents even root from modifying a file.
run this:
chattr -R -i /etc/asterisk
and then retry the asterisk reload.

 

[Sean Hogan]

ok it looks like somewhere along the lines the "immutible" flag was enabled for those files you are getting errors on.
the flag needs to be removed as that prevents even root from modifying a file.
run this:
chattr -R -i /etc/asterisk
and then retry the asterisk reload.

root@pbx2:~# chattr -R -i /etc/asterisk
chattr: Operation not supported while reading flags on /etc/asterisk/sip_notify_endpointman.conf
chattr: Operation not supported while reading flags on /etc/asterisk/logger.conf
chattr: Operation not supported while reading flags on /etc/asterisk/rtp.conf
chattr: Operation not supported while reading flags on /etc/asterisk/cel_odbc.conf
chattr: Operation not supported while reading flags on /etc/asterisk/udptl.conf
chattr: Operation not supported while reading flags on /etc/asterisk/extensions.conf
chattr: Operation not supported while reading flags on /etc/asterisk/ccss.conf
chattr: Operation not supported while reading flags on /etc/asterisk/iax.conf
chattr: Operation not supported while reading flags on /etc/asterisk/cel.conf
chattr: Operation not supported while reading flags on /etc/asterisk/sip.conf
chattr: Operation not supported while reading flags on /etc/asterisk/res_odbc.conf
chattr: Operation not supported while reading flags on /etc/asterisk/confbridge.conf
chattr: Operation not supported while reading flags on /etc/asterisk/sip_notify.conf
chattr: Operation not supported while reading flags on /etc/asterisk/features.conf
chattr: Operation not supported while reading flags on /etc/asterisk/res_digium_phone.conf
chattr: Operation not supported while reading flags on /etc/asterisk/http.conf

 

[wardmundy]

FYI: The immutable flag was set on some files including manager.conf because of concerns that a reported FreePBX vulnerability was potentially exposing critical system files to manipulation by individuals that surreptitiously gained asterisk user access to servers via the FreePBX GUI. With asterisk user permissions and no firewall in place, it's incredibly easy to modify manager.conf to authorize complete control of and remote access to an Asterisk server. By removing that protection, you're obviously electing to go-it-alone.

See the PIAF RSS Feed in the web GUI for details and links to the vulnerabilities:

 

[synack]

Those files are probably locked open for read/write, I wouldn't worry about it. none of them were on the "trouble" list.

 

[synack]

FYI: The immutable flag was set on some files including manager.conf because of concerns that a reported FreePBX vulnerability was potentially exposing critical system files to manipulation by individuals that surreptitiously gained asterisk user access to servers via the FreePBX GUI. With asterisk user permissions and no firewall in place, it's incredibly easy to modify manager.conf to authorize complete control of and remote access to an Asterisk server.

But.. that would make it difficult to make legitimate changes to the conf files. maybe a lock/unlock script would be the best solution?

 

[wardmundy]

But.. that would make it difficult to make legitimate changes to the conf files. maybe a lock/unlock script would be the best solution?

Not hard actually...

lsattr /etc/asterisk
chattr -i /etc/asterisk/manager.conf
# make changes desired
chattr +i /etc/asterisk/manager.conf
amportal restart

 

[synack]

wait.. when was that change made? my PBX (piaf verison 11.10) does not have any immutable flags set.

 

[synack]

Not hard actually...

chattr -i /etc/asterisk/manager.conf
# make changes desired
chattr +i /etc/asterisk/manager.conf
amportal restart

Right... I meant hard to those who don't know what an immutable flag is or how to change one. obviously those reading this thread do know now.