We are using TFTP with EPM and Polycom phones.
The Polycom phones can’t write their log files to the logs folder.
Funny thing is that the phones will write to the log file if I manually create the log file first.
This is how my basefile looks:
LOG_FILE_DIRECTORY="/logs/"
The permissions for the /tftpboot/logs/ folder are:
drwxrwxrwx 2 asterisk asterisk 4096 Jan 19 19:15 logs
This is because the server is not given the -c option. This may have some security implications. Feel free to open up a feature request. You could change this yourself, but it may get nuked on an update.
I’ll do it and open the feature request to go with it in the meantime.
It makes sense - I have the same problem with the Polycom mac-directory.xml files - they can’t create them; they can only edit them if I put them there myself.
[update]
So I set the option for service tftp to:
server_args = -s -c /tftpboot
and restarted the xinetd service, but it still doesn’t create the log file in /tftpboot/logs.
SELinux is disabled.
Here is my /etc/xinetd.d/tftp file:
service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s -c /tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}
When I chmod 777 the tftpboot folder, it seems like when I commit changes in FreePBX that it changes the folder permissions back. Maybe there’s a setting I’m lacking somewhere?
I am watching the messages tail and WRQs are getting permission denied.
I would spend my efforts on deploying a safer method; tftp is plain dangerous. Polycoms are very happy with https (but you will still need to give write permission to asterisk on the directory).
So is setting the directories and files to 777, because that means anything can be uploaded and then executed if they can figure out that the same directory is accessible via HTTP/HTTPS with no password and can run the scripts they updated via tftp.
I agree; I just wanted to make sure they could actually do it before I proceeded. I would like to continue using tftp as I have for over a decade, but I’ll change the permissions so they cannot execute.
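The permission concerns raised in this thread can be checked with a short script. This is an added example, not code from any poster or from FreePBX; the function names audit_tftp_root and strip_exec_bits are made up for it, and the directory you pass (for example /tftpboot) is yours to supply.

```shell
#!/bin/sh
# Added example: audit a TFTP root for the permission risks discussed above.
# Function names are made up for this example; pass your own TFTP root.

# Print one finding per line as "<KIND> <path>". Always returns 0.
audit_tftp_root() {
    root=$1
    # Directories in which any local account can create or replace files.
    find "$root" -type d -perm -0002 | sed 's/^/WORLD_WRITABLE_DIR /'
    # Files that any local account can overwrite.
    find "$root" -type f -perm -0002 | sed 's/^/WORLD_WRITABLE_FILE /'
    # Files with any execute bit set (owner, group or other). Uploaded
    # configs and logs never need one.
    find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        sed 's/^/EXECUTABLE_FILE /'
}

# Remove every execute bit from regular files under an upload directory.
# Directory modes are left alone so the TFTP daemon can still write there.
strip_exec_bits() {
    find "$1" -type f -exec chmod a-x {} +
}

# Stand-alone use: sh audit.sh /tftpboot
if [ "$#" -gt 0 ]; then
    audit_tftp_root "$1"
fi
```

Clearing execute bits does not stop a web server from interpreting a script it can read, such as a PHP file, so the upload directory should also be kept out of any HTTP document root or have script handling disabled there.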