如何授予用户访问网络服务的权限
我有一个在 ubuntu 服务器上运行的网络服务。这个网络服务有一个方法:
...
main()
{
soap_serve(soap_new());
}
ns_call(std::string who, std::string &result)
{
int j;
j=system ("asterisk -rx \"reload\"");
return SOAP_OK;
}
在客户端,返回可以,但是命令行没有执行。为什么?请帮忙。我堆积如山
I have a webservice running on ubuntu server. This webservice has a method :
...
main()
{
soap_serve(soap_new());
}
ns_call(std::string who, std::string &result)
{
int j;
j=system ("asterisk -rx \"reload\"");
return SOAP_OK;
}
ON THE CLIENT SIDE THE RETURN IS OK BUT THE command line is not executed. WHY? please help. I am stacked
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我假设该命令实际上正在运行,但它无法连接到 Asterisk 并发出重新加载命令,因为运行 Web 服务器的用户没有连接到 Asterisk 的权限。
两种解决方案。推荐第一个。
sudo
配置
sudo以允许 Web 服务器用户以asterisk用户身份执行特定命令“asterisk -rx reload”:然后使用此命令正如您传递给
system()的命令:套接字权限
asterisk -r使用 UNIX 域套接字连接到 Asterisk 服务器。套接字的位置可能会根据您的系统而有所不同,但请查找类似/var/run/asterisk.ctl的内容。默认情况下,此套接字的权限可能设置为只有星号用户(或 root)可以连接。您需要安排 Web 服务器用户有权读取和写入此套接字。例如,您可以将套接字
chmod为a+rwx,以使其可供系统上的任何用户使用。 (如果系统上有不受信任的用户,请不要执行此操作!)或者您可以授予对此套接字的组写权限,并将其chgrp授予 Web 服务器运行所在的组。无论您如何执行此操作,请注意您正在授予代表您的 Asterisk 服务器执行潜在危险操作的权限。
I am presuming that the command is actually running but it's not able to connect to Asterisk and issue the reload command because the user that is running the web server does not have permission to connect to Asterisk.
Two solutions. The first one is recommended.
sudo
Configure
sudoto allow the web server user to execute the specific command "asterisk -rx reload" as theasteriskuser:And then use this as the command you pass to
system():socket permissions
asterisk -ruses a UNIX-domain socket to connect to the Asterisk server. The location of the socket may vary depending on your system but look for something like/var/run/asterisk.ctl. By default, the permissions of this socket are probably set so that only theasteriskuser (or root) can connect.You need to arrange for the web server user to have permission to read and write to this socket. For example, you could
chmodthe socket toa+rwxto make it usable by any user on the system. (Don't do this if you have untrusted users on the system!) Or you could grant grant group write permission to this socket andchgrpit to the group that the web server runs as.No matter how you do it, be aware that you are granting permission for things to execute potentially dangerous actions on behalf of your Asterisk server.