### Description I want start kamailio as `root` user with carrierroute module. and get this error message ``` [root@ip-172-22-6-233 config]# kamailio -DD -E 0(13687) INFO: <core> [core/sctp_core.c:74]: sctp_core_check_support(): SCTP API not enabled - if you want to use it, load sctp module Listening on udp: 172.22.6.233:5060 tcp: 172.22.6.233:5060 Aliases: tcp: ip-172-22-6-233.us-west-1.compute.internal:5060 udp: ip-172-22-6-233.us-west-1.compute.internal:5060
0(13687) INFO: <core> [core/tcp_main.c:5042]: init_tcp(): using epoll_lt as the io watch method (auto detected) 0(13687) INFO: carrierroute [carrierroute.c:197]: mod_init(): use file as configuration source 0(13687) ERROR: carrierroute [carrierroute.c:219]: mod_init(): config file /etc/kamailio/carrierroute.conf not writable 0(13687) ERROR: <core> [core/sr_module.c:849]: init_mod(): Error while initializing module carrierroute (/usr/lib64/kamailio/modules/carrierroute.so) ERROR: error while initializing modules 0(13687) INFO: <core> [core/sctp_core.c:53]: sctp_core_destroy(): SCTP API not initialized ``` I checked file permissions ```sh [root@ip-172-22-6-233 config]# ls -l /etc/kamailio/carrierroute.conf -rw-rw----. 1 kamailio kamailio 403 Jun 23 18:07 /etc/kamailio/carrierroute.conf ``` Looks as file permissions as expected.
### Troubleshooting Issue related to a difference of process user/group and file user/group.
#### Reproduction 1) create `/etc/kamailio/carrierroute.conf` with kamailio user/group; 2) change file permissions to 660; 3) start kamailio as root user
#### Debugging Data none
#### Log Messages none
#### SIP Traffic none
### Possible Solutions Add information about the expected user group permissions, like ``` config file /etc/kamailio/carrierroute.conf not writable or not owned by "root" user and "root" group ```
### Additional Information
* **Kamailio Version** - output of `kamailio -v`
``` [root@ip-172-22-6-233 config]# kamailio -v version: kamailio 5.3.4 (x86_64/linux) 117ff9 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: 117ff9 compiled on 15:31:51 May 6 2020 with gcc 8.3.1 ```
* **Operating System**: ``` [root@ip-172-22-6-233 config]# cat /etc/os-release NAME="CentOS Linux" VERSION="8 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="8" PLATFORM_ID="platform:el8" PRETTY_NAME="CentOS Linux 8 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:8" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-8" CENTOS_MANTISBT_PROJECT_VERSION="8" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="8" ```
The log message was a bit misleading, the error likely happens because of ownership checking. This seems by design: the code checks if the owner user/group of the file is matching with kamailio runtime user/group.
I pushed commits to make the log message provide more details as well as adding a note to the docs about this constraint.
I am not sure the reason behind such strict checking, but if wanted to be changed, someone has to relax those conditions in the C code -- a PR from contributors or a commit from developer of the module.
Closed #2369.
Thanks Daniel. If I remember correctly it was done to prevent errors during run-time modification of the cfg from Kamailio in certain directory/file permission situations (more to enforce the correctness). I would of course also work with if its "just" writable from Kamailio, pull-requests are of course welcome.
-
Daniel-Constantin Mierla -
Henning Westerholt
-
sergey-safarov