1

I'm developing a web application to manages my asterisk server ( adding extension, adding contexts managing clients, etc.. ) I'm using PHP, Mysql to do that, I used the database to add clients but for an extension, I still use the file extensions.conf. let's suppose that I added many extensions to the extensions.conf file from the web app, next I should reload the dialplan, the only way I know is by typing this command into the Asterisk CLI:

dialplan reload

so if I want to reload the dialplan from the web app I should run somewhere :

shell_exec ( "asterisk -rx 'dialplan reload'" );

the problem is this command asterisk -rx needs root privileges. is there a way to let the apache user run this command.

Edite :

this is the content of my /etc/asterisk/asterisk.conf file

[directories](!)
astetcdir => /etc/asterisk
astmoddir => /usr/lib/asterisk/modules
astvarlibdir => /var/lib/asterisk
astdbdir => /var/lib/asterisk
astkeydir => /var/lib/asterisk
astdatadir => /var/lib/asterisk
astagidir => /var/lib/asterisk/agi-bin
astspooldir => /var/spool/asterisk
[options]
astrundir => /var/run/asterisk
astlogdir => /var/log/asterisk
astsbindir => /usr/sbin
runuser = asterisk ; The user to run as. The default is root.
rungroup = asterisk ; The group to run as. The default is root
mouad36
  • 306
  • 2
  • 10

2 Answers2

2

You could use sudoers (not recommended) to allow for execution of specific user to run:

sudo asterisk -rx 'dialplan reload'

and you can call that from your user, although this is dangerous if that is your web user...

Or you can use AMI

To execute a command via Asterisk Manager Interface (AMI) you can create yourself a user in manager.conf and then from PHP use a script to auth and execute a command. Example:

<?php
    $socket = fsockopen("127.0.0.1","5038", $errno, $errstr, 10);
    if (!$socket){
        echo "$errstr ($errno)\n";
    }else{
        fputs($socket, "Action: Login\r\n");
        fputs($socket, "UserName: myusername\r\n");
        fputs($socket, "Secret: mypassword\r\n\r\n");

        fputs($socket, "Action: Command\r\n");
        fputs($socket, "Command: dialplan reload\r\n\r\n");

        fputs($socket, "Action: Logoff\r\n\r\n");
        while (!feof($socket)){
            echo fgets($socket).'<br>';
        }
        fclose($socket);
    }
?>
m7913d
  • 10,244
  • 7
  • 28
  • 56
Ron
  • 5,900
  • 2
  • 20
  • 30
0

Your command NOT need root privileges.

Check /etc/asterisk/asterisk.conf for file and permissions used.

arheops
  • 15,544
  • 1
  • 21
  • 27
  • I will provide my asterisk.conf in the question in till me what is the problem, please – mouad36 Sep 24 '20 at 15:18
  • "runuser = asterisk" so you should use asterisk user or change user on webserver/or user for asterisk be same as webserver – arheops Sep 24 '20 at 16:46
  • thank you very much for answering, is there a way by adding the apache user to the same group as the asterisk user – mouad36 Sep 24 '20 at 16:55
  • Yes, but you have change astctlpermissions to be group-writable https://www.voip-info.org/asterisk-config-asteriskconf/ – arheops Sep 24 '20 at 23:18
  • thank you very much, it works for me but I wanna know where I can learn more about why it didn't work for the first time and wy it works now. I mean what astctlpermissions does – mouad36 Sep 25 '20 at 13:35
  • Asterisk console(what you use via asterisk -r) send commands via pipe to asterisk. That pipe permissions defined in asterisk.conf. For security reason it not allow ANY user acess file, read more about linux permissions system. – arheops Sep 25 '20 at 17:09