I'm running asterisk, a telephony app, on Fedora 31.
If I start asterisk as user asterisk all goes well. But if I use systemd, I get a bunch of permission problems.
asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: res_sorcery_config.c:320 sorcery_config_internal_load: Unable to load config file 'pjsip.conf' Jan 21 19:36:47 asterisk.riverside asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: config_options.c:710 aco_process_config: Unable to load config file 'confbridge.conf' asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: app_confbridge.c:4351 load_module: Unable to load config. Not loading module. asterisk[1411]: [Jan 21 19:36:47] WARNING[1411]: loader.c:2381 load_modules: Some non-required modules failed to load. asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: loader.c:2396 load_modules: res_stun_monitor declined to load. asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: loader.c:2396 load_modules: res_xmpp declined to load. asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: loader.c:2396 load_modules: Declined modules which depend on res_xmpp: chan_motif asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: loader.c:2396 load_modules: chan_iax2 declined to load. asterisk[1411]: [Jan 21 19:36:47] ERROR[1411]: loader.c:2396 load_modules: app_confbridge declined to load.
In the app I can try to reload the modules:
module load res_xmpp.so Unable to load module res_xmpp.so Command 'module load res_xmpp.so' failed. == Parsing '/etc/asterisk/xmpp.conf': Not found (Permission denied)
module load res_stun_monitor.so Unable to load module res_stun_monitor.so Command 'module load res_stun_monitor.so' failed. == Parsing '/etc/asterisk/res_stun_monitor.conf': Not found (Permission denied)
module load chan_iax2.so Unable to load module chan_iax2.so Command 'module load chan_iax2.so' failed. == Parsing '/etc/asterisk/iax.conf': Not found (Permission denied)
So it's a permission problem, But the files are all there, with appropriate permissions (I think) :
ls -l /etc/asterisk | grep 'xmpp|monitor|iax|confbridge' -rw-r--r--. 1 asterisk asterisk 23674 Dec 12 19:54 confbridge.conf -rw-r--r--. 1 asterisk asterisk 1250 Dec 12 19:54 iax.conf -rw-r--r--. 1 asterisk asterisk 2401 Dec 19 18:30 iaxprov.conf -rw-r--r--. 1 asterisk asterisk 1403 Dec 12 19:54 res_stun_monitor.conf -rw-r--r--. 1 asterisk asterisk 2728 Dec 12 19:55 xmpp.conf
Here's the systemd service file:
cat /usr/lib/systemd/system/asterisk.service | grep -v '#' [Unit] Description=Asterisk PBX and telephony daemon. After=nss-lookup.target
[Service] Type=simple Environment=HOME=/var/lib/asterisk WorkingDirectory=/var/lib/asterisk User=asterisk Group=asterisk ExecStart=/usr/sbin/asterisk -f -C /etc/asterisk/asterisk.conf ExecStop=/usr/sbin/asterisk -rx 'core stop now' ExecReload=/usr/sbin/asterisk -rx 'core reload'
PrivateTmp=true
[Install] WantedBy=multi-user.target
So why would starting asterisk as user asterisk work, but fail using systemd ?
Any help appreciated.
sean
p.s. This is a cross post with asterisk user.
sean darcy writes:
I'm running asterisk, a telephony app, on Fedora 31.
If I start asterisk as user asterisk all goes well. But if I use systemd, I get a bunch of permission problems.
Are you using Fedora's asterisk package? If so, you should report your bug against the Fedora package.
If not, and this is built by hand, perhaps you should try the Fedora package instead. Asterisk is complicated stuff, and with the complexity of Fedora itself, and all the systemd-related voodoo, packaging something like asterisk on Fedora will likely involve quite a bit of knowledge and experience.
So why would starting asterisk as user asterisk work, but fail using systemd ?
Do you have selinux enabled and enforcing? That would be one reason,
On 1/21/20 6:31 PM, sean darcy wrote:
I'm running asterisk, a telephony app, on Fedora 31.
If I start asterisk as user asterisk all goes well. But if I use systemd, I get a bunch of permission problems.
I'm running it from systemd on F30 with no problems.
module load res_xmpp.so Unable to load module res_xmpp.so Command 'module load res_xmpp.so' failed. == Parsing '/etc/asterisk/xmpp.conf': Not found (Permission denied)
Try running "restorecon -rv /etc/asterisk".
On 1/22/20 12:00 PM, sean darcy wrote:
On 1/22/20 1:01 AM, Samuel Sieb wrote:
restorecon -rv /etc/asterisk"
Thanks. That did it.
I'll never understand selinux.
My guess is that you copied or more likely moved files into there from somewhere else. Is that right? Generally, if you get a permission error even though the file ownership is correct, check for an selinux context being wrong.
On 1/22/20 3:47 PM, Samuel Sieb wrote:
On 1/22/20 12:00 PM, sean darcy wrote:
On 1/22/20 1:01 AM, Samuel Sieb wrote:
restorecon -rv /etc/asterisk"
Thanks. That did it.
I'll never understand selinux.
My guess is that you copied or more likely moved files into there from somewhere else. Is that right? Generally, if you get a permission error even though the file ownership is correct, check for an selinux context being wrong. _______________________________________________
OK, but why would it work if I started it directly, and fail from systemd, set for the same user?
On 1/23/20 12:59 PM, sean darcy wrote:
On 1/22/20 3:47 PM, Samuel Sieb wrote:
On 1/22/20 12:00 PM, sean darcy wrote:
On 1/22/20 1:01 AM, Samuel Sieb wrote:
restorecon -rv /etc/asterisk"
Thanks. That did it.
I'll never understand selinux.
My guess is that you copied or more likely moved files into there from somewhere else. Is that right? Generally, if you get a permission error even though the file ownership is correct, check for an selinux context being wrong. _______________________________________________
OK, but why would it work if I started it directly, and fail from systemd, set for the same user?
When it's started from systemd, the selinux context is more restricted by design. When you run it manually, it runs in the unconfined_t context, but when run from systemd, it ends up as asterisk_t. You can see that by adding the "Z" option to "ps".
# ps auxwZ | grep asterisk system_u:system_r:asterisk_t:s0 asterisk 966 0.4 0.2 2167796 62056 ? Ssl 2019 779:32 /usr/sbin/asterisk -f -C /etc/asterisk/asterisk.conf
-
Sam Varshavchik -
Samuel Sieb -
sean darcy