Running Asterisk with different web user

Am I the only one that runs FreePBX with different user/group specified for the following?
AMPASTERISKGROUP
AMPASTERISKUSER
AMPASTERISKWEBGROUP
AMPASTERISKWEBUSER

The default is for all four of those variables to be “asterisk” which is fine and great if your box is not running web services for something else too.
My server is performing multiple functions including running Asterisk/FreePBX but also general web server for a few domains that I host (for family and a non-profit club).
As a result I prefer to run apache as user “apache” (the default) and Asterisk runs as the default user “asterisk”.
The FreePBX settings seem to try to allow for this type of setup by allowing you to specify a different user and/or group for the Asterisk and web server systems, BUT the back end does not correctly set LINUX user/group permissions and ownership to correctly cater for this.
If you set your web user and group different to the Asterisk user and group then when next “amportal restart” is used the permissions get set such that you can’t login via the web interface, primarily due to /etc/freepbx.conf having permissions that do not permit your web user to access it…

In December I was quite happy that I’d submitted my first bug report with patch to help with this particular issue I was having as it was driving me a little crazy that I had to manually keep editing certain files after updating the framework module. I was even more pleased when my patch was accepted and added to the framework module and became included in the next framework module update.
Yay, problem solved at last, or so I thought.
One or two framework module updates later the code had been changed, my patch was still there but some of the permission setting had been separated into another routine which once again presented me with pretty much the same issue I had previously :cry:
I’m now running framework version 12.0.32 and have a new patch file to patch freepbx_engine again to set permissions as I need them to be…
This mainly came to light for me today when I knuckled down to try to fix a module update failure I was having and came across this topic “Getting Data from Online Server…Cant Reach Online Server”.
Andrew was very patient and came up with a solution, thank you, that I saw many reported as having worked.
My problem was that before I could try Andrew’s solution I first had to resolve my new permission issue.
Andrew’s solution required running /var/lib/asterisk/bin/freepbx_setting, which seems to be the script that applies the changes to the settings, but I kept getting a permission denied error reported from sudo (the script re-runs itself sudo’ed as the “AMPASTERISKWEBUSER” user if you’re not running the script logged in as that user).
At first I thought I needed to add that command to my sudoers list to allow apache to run the command but that didn’t help. I had also already set that file’s owner/group and permissions so that apache would have permissions to run it but I then discovered I also needed to set the directories’ permissions too (both /var/lib/asterisk/bin and /var/lib/asterisk) so that they were owned by asterisk but group owned by apache and permissions of 770.
Once I did that I could then run Andrew’s solution and could then use the module admin to update modules again :grinning: .

I’m quite willing to submit a new patch again, but if I’m clearly the only one that runs Asterisk and Apache this way then I’m also willing to leave it be and just run my patch locally, after each framework update, and live with the “tampered files” notice as a result of modifying a file…

Please don’t get me wrong and think I’m just complaining about a free product, I do love FreePBX and it’s certainly made my life that much easier but if I’m the only one with this “problem” is it really worth the developers’ time dealing with this???
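
An added example, not part of the original post and not FreePBX code: a small audit script that walks every directory leading to a file and reports which component denies a given user, which is the situation described above where the file's own permissions were correct but /var/lib/asterisk and /var/lib/asterisk/bin still blocked the web user. The function names are hypothetical, and the check assumes plain mode bits only (no ACLs, SELinux or root override).

```python
import grp, os, pwd, stat, sys

SHIFT = {"owner": 6, "group": 3, "other": 0}   # position of each rwx triplet
BIT = {"r": 4, "w": 2, "x": 1}

def ids_for(user):
    """Resolve a user name to (uid, set of gids the user belongs to)."""
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, gids

def blocked_components(path, uid, gids, need="r", root="/"):
    """Return [(component, class, missing_bits)] for every step from root to
    path that denies the user. Directories on the way need 'x' (search);
    the final target needs the bits listed in `need`. Assumes path is
    below root and that only classic mode bits apply."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    rel = os.path.relpath(path, root)
    steps = [root]
    for part in ([] if rel == "." else rel.split(os.sep)):
        steps.append(os.path.join(steps[-1], part))
    problems = []
    for i, step in enumerate(steps):
        wanted = need if i == len(steps) - 1 else "x"
        st = os.stat(step)
        # The kernel picks exactly one class: owner first, then group, else other.
        cls = ("owner" if st.st_uid == uid
               else "group" if st.st_gid in gids else "other")
        granted = (stat.S_IMODE(st.st_mode) >> SHIFT[cls]) & 7
        missing = "".join(c for c in wanted if not granted & BIT[c])
        if missing:
            problems.append((step, cls, missing))
    return problems

if __name__ == "__main__":
    # Usage: audit.py PATH USER [NEED]
    # e.g.   audit.py /var/lib/asterisk/bin/freepbx_setting apache rx
    target, user = sys.argv[1], sys.argv[2]
    need = sys.argv[3] if len(sys.argv) > 3 else "r"
    uid, gids = ids_for(user)
    for step, cls, missing in blocked_components(target, uid, gids, need):
        print(f"{step}: {user} is '{cls}' here and lacks '{missing}'")
```

An empty result means the mode bits allow the access along the whole path; run it again after each framework update to see whether permissions were reset.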