I compiled Asterisk 11 from source as user root on CentOS. Now I want Asterisk to run as user asterisk group asterisk. I have uncommented
#AST_USER="asterisk"
#AST_USER="asterisk"
in
/etc/sysconfig/asterisk
I have also tried uncommenting the same variables in
/usr/local/src/asterisk-11.17.1/contrib/init.d/etc_default_asterisk
I restart service asterisk and even reboot the server with the referred condition and when I ps ax | grep [a]sterisk, I still get
4457 pts/0 S 0:00 /bin/sh /usr/sbin/safe_asterisk
4459 pts/0 Sl 0:01 /usr/sbin/asterisk -f -vvvg -c
instead of
4457 pts/0 S 0:00 /bin/sh /usr/sbin/safe_asterisk -U asterisk -G asterisk
4459 pts/0 Sl 0:01 /usr/sbin/asterisk -f -vvvg -c -U asterisk -G asterisk
I obviously added user asterisk and added group asterisk.
I kindly ask you to tell me how to proceed to get asterisk running as asterisk in group asterisk. By the way, if you add directions on which files and directories to change permissions on, to get asterisk running as I need, would be great.
Feedback will be more than welcome.
Stop Asterisk
First you need to create the asterisk user if not there(mostly its automatically created on install)
Then
# useradd -d /var/lib/asterisk/ asterisk
Next give ownership of the following dirs(spool,lib and run) to asterisk
#chown -R asterisk /var/spool/asterisk/ /var/lib/asterisk/ /var/run/asterisk/
copy this file form the contrib/init.d/ directory of you asterisk download
~contrib/init.d#cp etc_default_asterisk /etc/default/asterisk
Edit the file /etc/default/asterisk by uncommenting the asterisk user
AST_USER="asterisk"
AST_GROUP="asterisk"
Lastly edit the file /etc/asterisk/asterisk.conf
uncomment the runuser and rungroup as asterisk
runuser = asterisk
rungroup = asterisk
restart asterisk
#/etc/init.d/asterisk start
This should be fine
In /etc/asterisk/asterisk.conf you can specify any user
Note: you have change permission of /var/run/asterisk/ and /var/spool/asterisk/ folder, also change permission on log folder.
i got the same issue. it's a bug into contrib script /etc/rc.d/init.d/asterisk
The original line to start safe_asterisk daemon is
if [ "x$COLOR" = "xyes" ]; then
export TERM=linux
daemon sh -c "$DAEMON $ASTARGS -c" >/dev/null </dev/null 2>&1 &
This line doesn't pass any supplied argument, even if $ASTARGS contains all required stuff. Even -c isn't passed correctly
If you replace this line by :
daemon $DAEMON -U asterisk -G asterisk
It will do the job to bypass the problem.
Saw on CentOS 7/ Asterisk 13
Related
Good day,
I have just uploaded Symfony 3.4 project (PHP 7.2) to Centos server and my application needs to be connected to RabbitMQ. I want to do that in Centos server rabbitmq is constantly consuming messages. I know how to consume those messages temporarily by running this command:
bin/console rabbitmq:consumer messaging . But how could permanently I consume the messages on server? I tried to google but didn't find any useful information
In my application I've installed:
"php-amqplib/php-amqplib": "*",
"php-amqplib/rabbitmq-bundle": "*"
UPDATE:
I achieved my desired situation with the following command:
nohup bin/console rabbitmq:consumer <your-consumer> &
idk if there's an "official" way of doing it, but as with anything in Linux, you could just write a little daemon to do it, a minimum example would be to add this to your crontab -e
#reboot /bin/bash /project/folder/cronjob_starter.sh
with cronjob_starter.sh containing
#!/bin/bash
if [[ $(screen -ls | grep rabbitmq_daemon) ]]
then
echo "rabbitmq_daemon already running!"
/bin/true
else
# echo " rabbitmq_daemon not running!"
screen -S rabbitmq_daemon -dm
# workaround for https://savannah.gnu.org/bugs/index.php?54164
sleep 1
screen -S rabbitmq_daemon -X stuff "cd /project/folder; bin/console rabbitmq:consumer messaging^M"
fi
then you can inspect your daemon with screen -xS rabbitmq_daemon , or with the Screenie application (honestly idk how to "properly" install Screenie on CentOS, i just run curl https://gist.githubusercontent.com/divinity76/1a583968c997869b27a5ee2c1ed24259/raw/76453e61a92676386589fbb3f4ef0225ac98fb19/screenie.b64 | base64 -d | sudo tee /usr/local/bin/screenie ; sudo chmod 0555 /usr/local/bin/screenie; )
if there's an "official" way of doing it tho, you should probably do it the official way instead, i don't know anything about that unfortunately.
We are attempting to set up Apache Mod Evasion to prevent future DOS attacks on one of our servers. Everything seems to be working well outside of email notifications. The stack is running PHP 7.1 and Apache2.4 on Ubuntu Server 16.04.
Email works fine via a test command:
sudo su - www-data -s /bin/bash -c 'echo "this is the body" | mail -s "Subject" webdev#domain.edu webdev#domain.edu'
Here is the mod evasion.conf:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 1
DOSSiteCount 1
DOSPageInterval 10
DOSSiteInterval 10
DOSBlockingPeriod 10
DOSEmailNotify root
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
DOSLogDir "/var/log/mod_evasive"
</IfModule>
Here is the ssmtp.conf file:
root=webdev#domain.edu
FromLineOverride=YES
Debug=YES
UseSTARTTLS=YES
UseTLS=YES
mailhub=email-smtp.us-east-1.amazonaws.com:465
AuthUser=#######
AuthPass=#######
AuthMethod=LOGIN
Here is the revaliases file:
root:noreply#domain.edu:email-smtp.us-east-1.amazonaws.com:25
www-data:noreply#domain.edu:email-smtp.us-east-1.amazonaws.com:25
mod_evasive has a hard-coded command of the mailer invocation, defined as MAILER inside the source-code and also mentioned in e.g. this bug report.
#define MAILER "/bin/mail %s"
%s is substituted by the value of directive DOSEmailNotify when sending mails. However, nowadays on most systems /bin/main is not used and you might want to use sendmail instead. What you could do, is to create a wrapper script as /bin/mail (assumed that this binary does not exist at all or is not used).
#!/bin/bash
if [ "$1" != "" ]
then
/usr/sbin/sendmail -t "$1"
fi
Adjust the path to your sendmail binary and finally make the script executable using chmod 0755 /bin/mail.
I follow this tutorial in order to modify the ssh welcome message of my server, but when I ssh, I have no message at all...
Here is some informations:
/etc/motd.tcl is executable
➜ ~ ls -l /etc/motd.tcl
-rwxr-xr-x 1 root root 3687 oct. 11 10:31 /etc/motd.tcl
/etc/motd.tcl is at the end of /etc/profile
➜ ~ sudo cat /etc/profile | grep motd
/etc/motd.tcl
/etc/motd.tcl displays my welcome message without any errors:
My /etc/ssh/sshd_config contains the following lines:
PrintMotd yes
PrintLastLog no
Maybe the tutorial is outdated and I have to change something but I did not manage to find the information.
Thanks for any hints.
Edit: Issue seems to be due to zsh/oh-my-zsh because when I log in with the root account (which does not have zsh shell) the motd is displayed
In the tutorial, there's this section:
# * Check if we're somewhere in /home
#if {![string match -nocase "/home*" $var(path)]} {
if {![string match -nocase "/home*" $var(path)] && ![string match -nocase "/usr/home*" $var(path)] } {
return 0
}
I've verified with a puts before return 0 that when I log in and the MOTD would be shown, this if gets executed, preventing the rest of the script from outputting anything. Remove these lines and it should work as expected.
My issue is that I want run a script from root for which I always have to login with root manually by typing "su -" on command line.
My query is that the script which I am executing it automatically login with root by just prompting me for password. Help me!!!
::::::::::Script:::::::::::::
if [ "$(whoami)" != "root" ]; then
echo -e '\E[41m'"\033[1mYou must be root to run this script\033[0m"
**su - # at this line I want to login as root but it is not working**
exit 1
fi
sleep 1
if [ "$(pwd)" != "/root" ]; then
echo -e '\E[41m'"\033[1mCopy this script to /root & then try again\033[0m"
cd /root
exit 1
fi
sleep 1
echo -e '\E[36;45m'"\033[1mDownloading Flash Player from ftp.etilizepak.com\033[0m"
sleep 2
wget -vcxr ftp://soft:S0ft\!#ftp.abc.com/ubuntu/ubuntu\ 12.04/adobe-flashplugin=/install_flash_player_11_linux.i386.tar.gz
cd ftp.abc.com/ubuntu/ubuntu\ 12.04/adobe-flashplugin/
sleep 1
echo -e '\E[42m'"\033[1mUnzipping .tar File...\033[0m"
sleep 1
tar -xzf install_flash_player_11_linux.i386.tar.gz
echo "Unzipping Compeleted"
sleep 2
echo -e '\E[42m'"\033[1mCopying libflashplayer.so\033[0m"
cp libflashplayer.so /usr/lib/mozilla/plugins/
:::::::::::::::END:::::::::::::::::::::
I'm not sure if I understand your question but I suppose you want to run something inside you script with root privileges - then you shuold use "sudo" command.
You can also suppress the password prompt, this can be configured in sudoers" configuration file.
Some more info here:
https://unix.stackexchange.com/questions/35338/su-vs-sudo-s-vs-sudo-bash
Shell script calls sudo; how do I suppress the password prompt
There is tons of examples, google something like "linux sudo examples" and you will get lots of examples how to use su, sudo ans sudoers commands.
According to your comments to my previous answer, here is how i do it:
There are two files in the same directory:
-rwx------ 1 root root 19 Sep 10 13:04 test2.sh
-rwxrwxrwx 1 root root 29 Sep 10 13:06 test.sh
File test.sh:
#!/bin/bash
# put your message here
su -c ./test2.sh
File test2.sh:
#!/bin/bash
echo You run as:
whoami
# put your code here
Result:
> ./test.sh
Password:****
You run as:
root
If you want to suppress the password prompt for this script only, replace "su -c" with "sudo" and configure sudoers file according to insctructions from here: https://askubuntu.com/questions/155791/how-do-i-sudo-a-command-in-a-script-without-being-asked-for-a-password
I want to download a lot of urls in a script but I do not want to save the ones that lead to HTTP errors.
As far as I can tell from the man pages, neither curl or wget provide such functionality.
Does anyone know about another downloader who does?
I think the -f option to curl does what you want:
-f, --fail
(HTTP) Fail silently (no output at all) on server errors. This is mostly done to better
enable scripts etc to better deal with failed attempts. In normal cases when an HTTP
server fails to deliver a document, it returns an HTML document stating so (which often
also describes why and more). This flag will prevent curl from outputting that and
return error 22. [...]
However, if the response was actually a 301 or 302 redirect, that still gets saved, even if its destination would result in an error:
$ curl -fO http://google.com/aoeu
$ cat aoeu
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
here.
</BODY></HTML>
To follow the redirect to its dead end, also give the -L option:
-L, --location
(HTTP/HTTPS) If the server reports that the requested page has moved to a different
location (indicated with a Location: header and a 3XX response code), this option will
make curl redo the request on the new place. [...]
One liner I just setup for this very purpose:
(works only with a single file, might be useful for others)
A=$$; ( wget -q "http://foo.com/pipo.txt" -O $A.d && mv $A.d pipo.txt ) || (rm $A.d; echo "Removing temp file")
This will attempt to download the file from the remote Host. If there is an Error, the file is not kept. In all other cases, it's kept and renamed.
Ancient thread.. landed here looking for a solution... ended up writing some shell code to do it.
if [ `curl -s -w "%{http_code}" --compress -o /tmp/something \
http://example.com/my/url/` = "200" ]; then
echo "yay"; cp /tmp/something /path/to/destination/filename
fi
This will download output to a tmp file, and create/overwrite output file only if status was a 200. My usecase is slightly different.. in my case the output takes > 10 seconds to generate... and I did not want the destination file to remain blank for that duration.
NOTE: I am aware that this is an older question, but I believe I have found a better solution for those using wget than any of the above answers provide.
wget -q $URL 2>/dev/null
Will save the target file to the local directory if and only if the HTTP status code is within the 200 range (Ok).
Additionally, if you wanted to do something like print out an error whenever the request was met with an error, you could check the wget exit code for non-zero values like so:
wget -q $URL 2>/dev/null
if [ $? != 0]; then
echo "There was an error!"
fi
I hope this is helpful to someone out there facing the same issues I was.
Update:
I just put this into a more script-able form for my own project, and thought I'd share:
function dl {
pushd . > /dev/null
cd $(dirname $1)
wget -q $BASE_URL/$1 2> /dev/null
if [ $? != 0 ]; then
echo ">> ERROR could not download file \"$1\"" 1>&2
exit 1
fi
popd > /dev/null
}
I have a workaround to propose, it does download the file but it also removes it if its size is 0 (which happens if a 404 occurs).
wget -O <filename> <url/to/file>
if [[ (du <filename> | cut -f 1) == 0 ]]; then
rm <filename>;
fi;
It works for zsh but you can adapt it for other shells.
But it only saves it in first place if you provide the -O option
As alternative you can create a temporal rotational file:
wget http://example.net/myfile.json -O myfile.json.tmp -t 3 -q && mv list.json.tmp list.json
The previous command will always download the file "myfile.json.tmp" however only when the wget exit status is equal to 0 the file is rotated as "myfile.json".
This solution will prevent to overwrite the final file when a network failure occurs.
The advantage of this method is that in case that something is wrong you can inspect the temporal file and see what error message is returned.
The "-t" parameter attempt to download the file several times in case of error.
The "-q" is the quiet mode and it's important to use with cron because cron will report any output of wget.
The "-O" is the output file path and name.
Remember that for Cron schedules it's very important to provide always the full path for all the files and in this case for the "wget" program it self as well.
You can download the file without saving using "-O -" option as
wget -O - http://jagor.srce.hr/
You can get mor information at http://www.gnu.org/software/wget/manual/wget.html#Advanced-Usage