Bug#304615: asterisk-web-vmail: vmail.cgi can't access voicemail.conf by default

Michel Meyers <steltek@tcnnet.dyndns.org>, 304615@bugs.debian.org
Thu, 14 Apr 2005 14:27:22 +0200


Kilian Krause wrote:
> Hi Michel,

Hello,

>>Bleh, no /etc/asterisk/voicemail.conf at
>>/usr/lib/cgi-bin/asterisk/vmail.cgi line 96.
>
>
> can you try "dpkg --force-depends -P asterisk-config;apt-get --reinstall
> install asterisk-config" please? I've no idea where this came from, but
> I do indeed see the same issue with my box. Having asterisk-config
> provide these files according to "dpkg -L asterisk-config", but the dir
> being empty except for:
> -rw-r--r--  1 root root 10345 Mar 21 11:23 indications.conf
> -rw-r--r--  1 root root  2514 Mar 21 11:23 modem.conf
> -rw-r--r--  1 root root  5020 Mar 21 11:23 queues.conf
>
> Do you reckon this is what you have too?

No, in my case the file DID exist (the error message is misleading) but
had the following permissions:
-rw-r-----  1 asterisk asterisk  7000 Mar 21 12:23 voicemail.conf

As a result, Apache (and thus the vmail.cgi script) couldn't access the
file and returned the aforementioned error message.

> And do you reckon the above
> fixes the problem for you?

Doing the reinstall of the package I now have:
-rw-r--r--  1 root     root      7000 Mar 21 12:23 voicemail.conf

That does fix the problem (by making voicemail.conf world-readable) but
at the same time it could be considered a security issue (voicemail.conf
containing the vmail passwords, it shouldn't be world readable I guess).

What I did instead was 'chgrp asterisk /etc/asterisk/voicemail.conf'
which makes the file look as follows:
-rw-r-----  1 asterisk www-data 7000 Mar 21 12:23 voicemail.conf

Result: Asterisk can access the file and Apache can also get to it
(through the www-data group). Alternatively you could leave ownership at
asterisk.asterisk and instead add the user www-data to the asterisk
group, granting it access to asterisk's files.

Greetings,
         Michel
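Added example, not part of the original message or of the asterisk packages: a shell check that tells apart the three permission states described above (world-readable after the reinstall, unreadable by the CGI, readable through a group only). The function name `check_secret_conf` is hypothetical; it assumes GNU `stat` and that the web server user is not the file's owner.

```shell
#!/bin/sh
# Usage: check_secret_conf FILE GROUP...
#   GROUP... = groups of the web server user, e.g.
#   check_secret_conf /etc/asterisk/voicemail.conf $(id -Gn www-data)
# Prints one verdict:
#   world-readable  - any local account can read the voicemail passwords
#   web-unreadable  - the CGI user cannot read the file (vmail.cgi fails)
#   ok              - readable through group membership only
check_secret_conf() {
    file=$1; shift
    meta=$(stat -c '%a %G' "$file") || return 2
    mode=${meta%% *}      # octal permission digits, e.g. 640
    fgroup=${meta#* }     # owning group name, e.g. www-data or asterisk
    other=$((mode % 10))
    grp=$((mode / 10 % 10))
    # Read bit (4) set for "other": the 0644 state seen after the reinstall.
    if [ $((other & 4)) -ne 0 ]; then
        echo world-readable; return 1
    fi
    # Otherwise access must come from the file's group with its read bit set.
    # This covers both options: the file's group is www-data, or www-data
    # has been added to the asterisk group.
    if [ $((grp & 4)) -ne 0 ]; then
        for g in "$@"; do
            if [ "$g" = "$fgroup" ]; then echo ok; return 0; fi
        done
    fi
    echo web-unreadable; return 1
}
```

The function returns non-zero for every verdict other than `ok`, so it can gate a package postinst check or a configuration audit job.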