You (asterisk) are not allowed to access to (crontab) because of pam configuration. #97
Description
related to #88
version
git branch -v
* (HEAD detached at 20.16.20) efb4c22 20.16.20
main efb4c22 20.16.20
Using unmodified compose.yml and default .env file
apparmor is running on docker host (ubuntu 24.04)
apparmor is not running on the docker guest
it makes no difference if i temporarily disable apparmor on docker host, same error.
I am facing this issue and my asterisk is not starting on a ubuntu 24.04 host. The funny thing is it is starting on ubuntu 22.04 host.
I am getting this error:
izpbx | Adding default template settings FreePBX-Template
izpbx | 600 [------------>---------------]
izpbx | In Cron.class.php line 129:
izpbx |
izpbx | Cron line added didn't remain in crontab on final check. Check /data/var/sp
izpbx | ool/asterisk/tmp/cron.error for reason.
less data/izpbx/var/spool/asterisk/tmp/cron.error
You (asterisk) are not allowed to access to (crontab) because of pam configuration.
........ repeating above message ......................
You (asterisk) are not allowed to access to (crontab) because of pam configuration.
the workaround to be executed on the izpbx folder
mkdir -p data/izpbx-conf/pam.d
sudo tee data/izpbx-conf/pam.d/crond > /dev/null << 'EOF'
#
# The PAM configuration file for the cron daemon
#
# No PAM authentication called, but auth modules used for credential setting
auth sufficient pam_permit.so
# Allow all accounts to run cron jobs
account sufficient pam_permit.so
# Set up session
session required pam_loginuid.so
session include system-auth
EOF
sed -i '\%^ - \./data/izpbx:/data%a\
- ./data/izpbx-conf/pam.d/crond:/etc/pam.d/crond:ro
' compose.yml
this workaround works, BUT it is disabling fully the security on cron jobs!
So afaik not a good idea.
is it planned to fix the issue?