Asterisk-pbx-spool - permission issue to load pbx_load.so module

aXon · March 29, 2022, 2:35pm

Hello there,

I have upgraded my Ubiquiti EdgeRouter X from 19.10 to 21.02.2, after getting to grips with the DSA transition. Now, I am having issues with asterisk, having advanced from asterisk 1.6 to asterisk 1.8 (default in 21.02.2). All of my configuration works with the latest available packages, but not a callback function, which is reliant on the asterisk module pbx_load.so, part of the asterisk-pbx-spool package.

I have, to no avail, tried to chase down, where the issue is and it seems to be a permission issue with a spool directory at /var/spool/asterisk/, being the default in /etc/asterisk/asterisk.conf as well as startup script /etc/init.d/asterisk, creating it in the first instance. One of the novel parts of the latest asterisk is, that it is run as the asterisk user, instead of root. When changing the user in the startup script in /etc/init.d/asterisk, this resolves all the issues and it works.

I have tried to create the directory manually as well as chown it to asterisk:asterisk, but the module would not load and return the following in an asterisk console:

Mar 29 12:35:13] WARNING[7372]: pbx_spool.c:952 load_module: Unable to create queue directory /var/spool/asterisk/outgoing -- outgoing spool disabled

The thing with this spool directory is, being part of /var, which is mapped to /tmp, that it should reside in RAM, rather than flash, as it would write, delete and overwrite things like callback files or voicemails, which are sent via email, hence not burdening the flash.

I was just wondering, if there is some mechanism, by which OpenWrt is keeping other users than root from accessing/writing to it, as I cannot think of any other reason why the directory was not accessible to an asterisk instance run as asterisk user.

Are there any other solutions to this, as running as root is of course a dangerous thing to do, if it can be avoided?

micmac1 · March 29, 2022, 4:01pm

Hi @aXon

I tried this on 21.02.2. There was no asterisk package installed on the router. I installed asterisk-pbx-spool, enabled it in /etc/config/asterisk, then ran /etc/init.d/asterisk start.

hank2*CLI> module show 
Module                         Description                              Use Count  Status      Support Level
pbx_spool.so                   Outgoing Spool Support                   0          Running              core

The directory was created:

root@hank2:~# ls -lh /var/spool/
drwxr-x---    3 asterisk asterisk      60 Mar 29 17:43 asterisk
root@hank2:~# ls -lh /var/spool/asterisk/
drwxr-xr-x    2 asterisk asterisk      40 Mar 29 17:43 outgoing
root@hank2:~# ls -lh /var/spool/asterisk/outgoing/
root@hank2:~#

In source code pbx/pbx_spool.c in load_module() ast_mkdir(qdir, 0777) is called. On flash this comes down with 755 permissions because of umask 0022.

It's not readily apparent to me why it wouldn't work for you as well.

Kind regards,
Seb

micmac1 · March 29, 2022, 7:03pm

The "asterisk" user needs to be able to create /var/spool/asterisk/outgoing. Maybe your permissions aren't allowing that. On the way there, do you have folder permissions o+rx ("others" can read and execute the folder)? The only exception would be /var/spool/asterisk, because this folder should be owned by user "asterisk" anyway

For example, if /var/spool is set to drwxr-x---, then the user "asterisk" cannot create /var/spool/asterisk/outgoing:

root@hank2:/tmp# chmod o-rx spool
root@hank2:/tmp# ls -lh|grep spool
drwxr-x---    3 root     root          60 Mar 29 17:43 spool
root@hank2:/tmp# su -s /bin/sh -c "mkdir /var/spool/asterisk/outgoing" asterisk
mkdir: can't create directory '/var/spool/asterisk/outgoing': Permission denied
root@hank2:/tmp# chmod o+rx spool
root@hank2:/tmp# ls -lh|grep spool
drwxr-xr-x    3 root     root          60 Mar 29 17:43 spool
root@hank2:/tmp# su -s /bin/sh -c "mkdir /var/spool/asterisk/outgoing" asterisk
root@hank2:/tmp#

If that's the problem then I'd say your folder permissions are shot.

micmac1 · March 29, 2022, 7:15pm

Edited and corrected my last comment.

aXon · March 31, 2022, 12:09am

@micmac1 The spool directory permissions were the culprit indeed. I had not fiddled with it and the router was also a fresh install due to DSA change from 19.07 -> 21.02.2. The spool directory was set without rx for others and hence the asterisk user could not create the call files, as the startup script in /etc/init.d/asterisk is taking care of creating the necessary folder structures, as this used to be problem with past asterisk packages on OpenWrt. Thanks for the quick reply/solution!

system · April 10, 2022, 12:09am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.