Technical help with an asterisk arts project please

Some very dumb stuff coming up – apologies

A bit of context. I like to think of myself as an artist, certainly not an engineer. My knowledge of Asterisk is amateur and negligible but over the last 5 years I have working on an exhibit involving a British red telephone box and a computer synthesis of my own voice. It is completely stand-alone with no external connections to the internet or to the telephone network hence I freely break the normal security concerns. https://k6.gravityisahat.com/wp/

Recently I have been grappling with calling external scripts and packages from the dialplan using System(). https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Application_System
The error messages indicate that there is a problem with permissions but the scripts are read write and execute for all. Does Asterisk have some additional layers of security that I need to breach in order to get them to work? I am aware that there are better ways of doing what I am attempting to do but my skills are extremely limited so the simpler and dirtier the better, given the absence of security concerns.

I have tried

Installing asterisk as root
Installing asterisk as asterisk
Fiddling with permissions
Relocating the files
Disabling SELinux
Monitoring from remote console -r
Monitoring from console mode -c

Does asterisk need to be the owner of the application that runs the scripts eg Python?

i am using version 16.09 at present and nothing works in a previous installation with an earlier version some worked but only with Asterisk in the foreground -c

I haven’t got to grips with generating logs so I rely on verbosity on the console to tell me what’s going on.

I would be so grateful if someone were able to rescue from this muddle.
Chris

There’s no internal working within Asterisk with regards permissions, it’s simply calling external scripts. As long as the user Asterisk is running as has read/execute permissions on the binaries and the scripts it being called that should be enough. Hard to tell without looking at the logs.

Thank you. Immediately after my message and after several days of frustration i looked over my notes and found this copied and adapted from somewhere but somehow overlooked -

resolution was to change the default account for all the asterisk functions to Chris (me) thus

sudo usermod -aG audio,dialout chris
sudo chown -R chris.chris /etc/asterisk
sudo chown -R chris.chris /var/{lib,log,spool}/asterisk
sudo chown -R chris.chris /usr/lib/asterisk
sudo gedit /etc/default/asterisk

AST_USER="chris"
AST_GROUP="chris"

sudo gedit /etc/asterisk/asterisk.conf

runuser = chris ; The user to run as.
rungroup = chris ; The group to run as.

I have little idea exactly what i have done but i can say that most things are working as i would wish. I still have issues with app_jack but I will probably abandon that as its actual functionality eludes me.

Thanks again for troubling to respond.
Chris

Leave the user and group as root, if you don’t have security concerns.

Are you providing the full path names to the scripts and their interpreters?

Hi David - thanks for your help - I have made progress since I left the message by asserting myself as the owner of everything. I remain mystified by the different access Asterisk has to my scripts depending on whether I run the remote console -r or console -c mode - I don’t understand why running Asterisk in the foreground should alter the systems ability to run external scripts. I guess this is just down to my lack of proper understanding - cheers again Chris

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.