Closed tsawyer closed 1 day ago
Yes, directories should be created with the execute bit.
Before since we were running under root it was doing it without issue. Now under the asterisk user/group it is an issue as the current code is writing out with 0600 for permissions. Could this get set to 0760 at least.
Could this get set to 0760 at least.
0760 (-rwxrw----) doesn't make any sense. If you are looking to open up "read" access to others then 0750 (-rwxr-x---) or 0755 (-rwxr-xr-x). But, at the moment, even opening up access to the directory won't help because the files are created 0600 (-rw-------)
I meant on the file's written.. 660 vs 600 as it's doing now.
I'm hesitant to have the default filesystem permissions be too open. Changing the directory permissions to 0700 should take care of the permission errors.
But, at the same time I do see how changing the permissions on the "files" could be helpful. Then, if you opted to open up the directory permissions then the files would become accessible.
In short, I'm thinking 0700 on archivedir, 0755 on the archivedir sub-directories, and 0644 for the files. Reasonable?
I would think so... That way a script to "process" the files doesn't need to be run as root but could be any member of the group was my thinking.
I just made one last [?] change.
I changed the archivedir sub-directory modes to 0775 (instead of 0755). This way, if you ensure that whatever job you are using to "process" the files is a member of the "asterisk" group you will then be able to remove any processed files.
Email from a friend setting up an
apt install asl3
on amd64 and his experience and findings with addingarchivedir = /var/spool/asterisk/monitor