Closed robdyck closed 3 years ago
Thanks for the detailed report! We are aware of this bug and looking for a fix, most likely by changing the default file path of the fifo file. I'll try to push a fix for this asap and let you know when it is completed.
another workaround, set the fifo file permissions in the script...
modparam("mi_fifo", "fifo_mode", 0666)
It doesn't work as long as sysctl fs.protected_fifos = 1 which it should be. It's a fifo ownership thing. See the referenced commit. I suppose one ccould justify turning the protection off in some circumstances. Probably some distros like mine default to on.
@robdyck starting with linux kernel 4.19 this is the default behavior - to default writing in a fifo file if stored in a sticky bit directory and you're trying to access it using a different user. I've added this in OpenSIPS' documentation.
The right fix for this issue is to move the fifo file in a place where both opensips
and opensips-cli
have access.
Alternatively, opensips-cli
should run with the same user as opensips
- I'm investigating this to see what is the best option we have now.
This has been fixed in both CLI and OpenSIPS default paths for debs and rpm. Also added suggestions in documentation and cli itself - the rest is on the users's plate :). Thanks for reporting and providing detailed information!
When opensips is configured to use a fifo as the MI interface opensips-cli fails because it cannot open the fifo.
This failure occurs for a root user and for a user with opensips group permission. Fifo owner is opensips. A workaround is required to make opensips-cli work.
workaround:1 Run both opensips and opensips-cli as root. Unsatisfactory.
workaround:2 sysctl -w fs.protected_fifos=0 Not ideal, you need to remember to set it back when you are done with opensips-cli
workaround;3 As root su opensips ( opensips without password but with shell) Not too bad but results in an error when quitting opensips-cli
Ideally a user with opensips group permission should be able start opensips-cli without using a workaround.
For further reference to fifo permission see this commit. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30aba6656f61ed44cba445a3c0d38b296fa9e8f5