Permission denied error in agi

Yash3120 · January 27, 2021, 1:59pm

AGI script error

"Failed to execute '/var/lib/asterisk/agi-bin/STT_agi.py': Permission denied" 1
 STT_agi.py: Failed to execute '/var/lib/asterisk/agi-bin/STT_agi.py': Permission denied

Where my script stored
drwxrwxrwx 14 root root 4096 Aug 7 04:17 var

Where my venv stored
drwxrwxrwx 5 yash yash 4096 Jan 27 10:36 Documents

Full log

Console verbose was OFF and is now 4.
    -- Added contact 'sip:1102@192.168.1.3:40204;transport=UDP;rinstance=556126f7f358a8d0' to AOR '1102' with expiration of 60 seconds
  == Endpoint 1102 is now Reachable
    -- Executing [1102@Long-Distance:1] Answer("PJSIP/1101-00000000", "") in new stack
       > 0x7f7db8033710 -- Strict RTP learning after remote address set to: 103.241.224.35:6074
       > 0x7f7db8033710 -- Strict RTP qualifying stream type: audio
       > 0x7f7db8033710 -- Strict RTP switching source address to 192.168.1.2:7078
    -- Executing [1102@Long-Distance:2] Playback("PJSIP/1101-00000000", "hello") in new stack
    -- <PJSIP/1101-00000000> Playing 'hello.gsm' (language 'en')
    -- Executing [1102@Long-Distance:3] Playback("PJSIP/1101-00000000", "beep") in new stack
    -- <PJSIP/1101-00000000> Playing 'beep.gsm' (language 'en')
    -- Executing [1102@Long-Distance:4] NoOp("PJSIP/1101-00000000", "Answered,Playback,beep done") in new stack
    -- Executing [1102@Long-Distance:5] Record("PJSIP/1101-00000000", "/home/yash/Documents/data/record.wav,,7") in new stack
    -- <PJSIP/1101-00000000> Playing 'beep.gsm' (language 'en')
       > 0x7f7db8033710 -- Strict RTP learning complete - Locking on source address 192.168.1.2:7078
    -- Executing [1102@Long-Distance:6] Playback("PJSIP/1101-00000000", "/home/yash/Documents/data/record") in new stack
    -- <PJSIP/1101-00000000> Playing '/home/yash/Documents/data/record.slin' (language 'en')
    -- Executing [1102@Long-Distance:7] AGI("PJSIP/1101-00000000", "STT_agi.py") in new stack
    -- Launched AGI Script /var/lib/asterisk/agi-bin/STT_agi.py
<PJSIP/1101-00000000>AGI Tx >> agi_request: STT_agi.py
<PJSIP/1101-00000000>AGI Tx >> agi_channel: PJSIP/1101-00000000
<PJSIP/1101-00000000>AGI Tx >> agi_language: en
<PJSIP/1101-00000000>AGI Tx >> agi_type: PJSIP
<PJSIP/1101-00000000>AGI Tx >> agi_uniqueid: 1611755607.0
<PJSIP/1101-00000000>AGI Tx >> agi_version: 16.16.0
<PJSIP/1101-00000000>AGI Tx >> agi_callerid: 1101
<PJSIP/1101-00000000>AGI Tx >> agi_calleridname: Maria Berny
<PJSIP/1101-00000000>AGI Tx >> agi_callingpres: 0
<PJSIP/1101-00000000>AGI Tx >> agi_callingani2: 0
<PJSIP/1101-00000000>AGI Tx >> agi_callington: 0
<PJSIP/1101-00000000>AGI Tx >> agi_callingtns: 0
<PJSIP/1101-00000000>AGI Tx >> agi_dnid: 1102
<PJSIP/1101-00000000>AGI Tx >> agi_rdnis: unknown
<PJSIP/1101-00000000>AGI Tx >> agi_context: Long-Distance
<PJSIP/1101-00000000>AGI Tx >> agi_extension: 1102
<PJSIP/1101-00000000>AGI Tx >> agi_priority: 7
<PJSIP/1101-00000000>AGI Tx >> agi_enhanced: 0.0
<PJSIP/1101-00000000>AGI Tx >> agi_accountcode: 
<PJSIP/1101-00000000>AGI Tx >> agi_threadid: 140178578708224
<PJSIP/1101-00000000>AGI Tx >> 
<PJSIP/1101-00000000>AGI Rx << verbose "Failed to execute '/var/lib/asterisk/agi-bin/STT_agi.py': Permission denied" 1
 STT_agi.py: Failed to execute '/var/lib/asterisk/agi-bin/STT_agi.py': Permission denied
<PJSIP/1101-00000000>AGI Tx >> 200 result=1
    -- Executing [1102@Long-Distance:8] NoOp("PJSIP/1101-00000000", "Record & Playback done") in new stack
    -- Executing [1102@Long-Distance:9] Hangup("PJSIP/1101-00000000", "") in new stack
  == Spawn extension (Long-Distance, 1102, 9) exited non-zero on 'PJSIP/1101-00000000'
yash-VirtualBox*CLI>

david551 · January 27, 2021, 2:26pm

Never set a file or directory to write + execute for the world, especially for root owned files! Never never do this for a key system directory, like /var. (Some software will actually check this at run time and refuse to use the directory in a path.)

What user is Asterisk running as?

What is the ownership and permission on /var/lib/asterisk/, /var/lib/asterisk/agi-bin, and /var/lib/asterisk/agi-bin/STT_agi.py?

Why did you provide the permissions for /var, and not for the above directories?

Generally, this is not an Asterisk issue. The only thing Asterisk will contribute, when a full path is provided, is the user and group under which the operation is attempted.

Does this relate to the script in Why python variable is not return/print on asterisk cli?? If so, what are the ownerships and permissions on each element of /home/yash/Documents/environments/test_env/bin/python

Yash3120 · January 27, 2021, 2:27pm

thanks david
Actually I debug this and during that I faced error, and I just changing my content of python and dialplan. but don’t know why this happened in between because In previous post its work fine without any permission error but after changing content I reload my dialplan and this happended.

Root

root       826  6.0  1.0 2398632 41548 ?       Ssl  19:45   0:34 /usr/sbin/asterisk
root      2026  0.0  0.1 100620  7536 pts/0    S+   19:49   0:00 rasterisk rvvvv

I read in one post to provide permission to whole folder not just one single file so I gave permission to whole /var where in /agi-bin my python script stored.

david551 · January 27, 2021, 2:41pm

Posix directory permissions are the intersection of the permissions on each element of the path, not the union of them. Only a net execute permission is actually needed on anything but the file itself (although I’m not sure about symbolic links).

As Asterisk is running as root, I would suspect that you are failing a check for world writeable files or directories, although a missing execute, on the file itself, might do it.

Yash3120 · January 28, 2021, 6:26am

hey david, need your favor can I know which permission and ownership is required to run asterisk for local machine environment. I know this is some out of scope question but I can’t figure out so I start from the basic question. also same for AGI too.

Ho

david551 · January 28, 2021, 10:46am

make install sets appropriate permissions.

If by “local install”, you mean installing under a user account, I wouldn’t recommend that, as some features require that it be initially started as root.

Yash3120 · January 28, 2021, 4:12pm

Local means my personal machine.

I don’t know where was exact problem but I set permission of /var/…/agi-bin/ 744 by chmod it’s now doesn’t showing permission error.

system · February 27, 2021, 4:12pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.