Difference between revisions of "Permissions"
From FusionPBX
VoIPJunkie (talk | contribs) (→FIX-PERMISSIONS) |
|||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | Permissions are a critical part of a working system. | + | Permissions are a critical part of a working system. |
+ | |||
+ | |||
+ | Incorrect permissions can cause many problem including the following: | ||
+ | * fusionpbx writing the config files for freeswitch | ||
+ | * prevent voicemail to email from actually sending the email | ||
+ | * prevent recordings from working | ||
+ | * prevent fax to email working | ||
+ | |||
Where do the file permissions come from. | Where do the file permissions come from. | ||
* FusionPBX gets its file permissions from the user account that the web server is running under. | * FusionPBX gets its file permissions from the user account that the web server is running under. | ||
* FreeSWITCH gets its file permissions under the user account that it runs under | * FreeSWITCH gets its file permissions under the user account that it runs under | ||
+ | |||
What needs to be achieved with permissions. | What needs to be achieved with permissions. | ||
− | * FusionPBX needs permission read and write to most of FreeSWITCH's files. | + | * FusionPBX needs permission to read and write to most of FreeSWITCH's files. |
− | * FreeSWITCH needs permission to read all its files | + | * FreeSWITCH needs permission to read all its files and write to the storage directory and its sub directories. |
* FreeSWITCH needs read permissions on the fusionpbx/secure directory and execute on the cli conf file and the fax and email php files. | * FreeSWITCH needs read permissions on the fusionpbx/secure directory and execute on the cli conf file and the fax and email php files. | ||
+ | |||
+ | ==FIX-PERMISSIONS== | ||
+ | Adjust the variables accordingly [eg httpd for centos] | ||
+ | <pre> | ||
+ | #!/bin/bash | ||
+ | FSDIR="/usr/local/freeswitch" | ||
+ | FPBXDIR="/var/www/fusionpbx" | ||
+ | WWWUSER="www-data" | ||
+ | |||
+ | echo "setting FreeSWITCH owned by $WWWUSER.$WWWUSER" | ||
+ | chown -R $WWWUSER.$WWWUSER $FSDIR | ||
+ | #remove 'other' permissions on freeswitch | ||
+ | chmod -R o-rwx $FSDIR/ | ||
+ | #set FreeSWITCH directories full permissions for user/group with group sticky | ||
+ | echo "Setting group ID sticky for FreeSWITCH" | ||
+ | find $FSDIR -type d -exec chmod u=rwx,g=srx,o= {} \; | ||
+ | #make sure FreeSWITCH directories have group write | ||
+ | echo "Setting Group Write for FreeSWITCH files" | ||
+ | find $FSDIR -type f -exec chmod g+w {} \; | ||
+ | #make sure FreeSWITCH files have group write | ||
+ | echo "Setting Group Write for FreeSWITCH directories" | ||
+ | find $FSDIR -type d -exec chmod g+w {} \; | ||
+ | echo "setting FusionPBX owned by $WWWUSER.$WWWUSER just in case" | ||
+ | if [[ -e "$FPBXDIR" ]]; then | ||
+ | /bin/chown -R $WWWUSER.$WWWUSER $FPBXDIR | ||
+ | fi | ||
+ | echo "Changing /etc/init.d/freeswitch to start with user $WWWUSER" | ||
+ | sed -i -e s,'USER=freeswitch',"USER=$WWWUSER", /etc/init.d/freeswitch | ||
+ | </pre> |
Latest revision as of 03:13, 15 January 2015
Permissions are a critical part of a working system.
Incorrect permissions can cause many problem including the following:
- fusionpbx writing the config files for freeswitch
- prevent voicemail to email from actually sending the email
- prevent recordings from working
- prevent fax to email working
Where do the file permissions come from.
- FusionPBX gets its file permissions from the user account that the web server is running under.
- FreeSWITCH gets its file permissions under the user account that it runs under
What needs to be achieved with permissions.
- FusionPBX needs permission to read and write to most of FreeSWITCH's files.
- FreeSWITCH needs permission to read all its files and write to the storage directory and its sub directories.
- FreeSWITCH needs read permissions on the fusionpbx/secure directory and execute on the cli conf file and the fax and email php files.
FIX-PERMISSIONS
Adjust the variables accordingly [eg httpd for centos]
#!/bin/bash FSDIR="/usr/local/freeswitch" FPBXDIR="/var/www/fusionpbx" WWWUSER="www-data" echo "setting FreeSWITCH owned by $WWWUSER.$WWWUSER" chown -R $WWWUSER.$WWWUSER $FSDIR #remove 'other' permissions on freeswitch chmod -R o-rwx $FSDIR/ #set FreeSWITCH directories full permissions for user/group with group sticky echo "Setting group ID sticky for FreeSWITCH" find $FSDIR -type d -exec chmod u=rwx,g=srx,o= {} \; #make sure FreeSWITCH directories have group write echo "Setting Group Write for FreeSWITCH files" find $FSDIR -type f -exec chmod g+w {} \; #make sure FreeSWITCH files have group write echo "Setting Group Write for FreeSWITCH directories" find $FSDIR -type d -exec chmod g+w {} \; echo "setting FusionPBX owned by $WWWUSER.$WWWUSER just in case" if [[ -e "$FPBXDIR" ]]; then /bin/chown -R $WWWUSER.$WWWUSER $FPBXDIR fi echo "Changing /etc/init.d/freeswitch to start with user $WWWUSER" sed -i -e s,'USER=freeswitch',"USER=$WWWUSER", /etc/init.d/freeswitch