[Giorgio Pioda]
> Some progress and some questions
>
> Checking with strace the activity of freeradius in debug mode,
> I've seen that the daemon was trying to write into /tmp/user/0
> which had root:root and 0711 privileges.
>
> Opening to 0777 makes the authentication successful and a radius_125
> file (freerad:freerad owner) is created.
>
> Is it ok to have such a permission in this directory?

No. The /tmp/user/0 directory is the TMP/TMPDIR directory of the root
user. It is created by libpam-tmpdir when a user logs in and ensures
users are more isolated from each other. If the radius server lacks
write access to this directory, it is because it isn't running as the
root user when it tries to write its files.

A quick fix is to restart the daemon while TMP and TMPDIR are unset,
i.e. something like this:

  TMP= TMPDIR= service freeradius restart

The proper fix is perhaps to stop freeradius from storing files in
/tmp, or to get it to call PAM when changing uid (to create its own
directory under /tmp/user/), or to get it to open the files in /tmp/
before changing uid. :)

-- 
Happy hacking
Petter Reinholdtsen
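
A diagnostic for the situation described in this thread, added here as an example and not part of the original messages: it reports whether a running daemon inherited a TMPDIR that its effective uid cannot write. It assumes Linux /proc; the function names are hypothetical, and only the owner and world-write bits are checked (group permissions and ACLs are ignored).

```shell
#!/bin/sh
# Usage (as root): sh check-tmpdir.sh $(pidof freeradius)

# TMPDIR a process was started with (empty if unset).
# /proc/PID/environ holds NUL-separated VAR=value pairs.
pid_tmpdir() {
    tr '\0' '\n' 2>/dev/null < "/proc/$1/environ" | sed -n 's/^TMPDIR=//p' | head -n 1
}

# Effective uid of a process: third field of the "Uid:" line.
pid_euid() {
    awk '/^Uid:/ { print $3 }' "/proc/$1/status"
}

# Can uid $1 create files in directory $2? Prints ok, mismatch or missing.
# Assumption: owner and world-write bits only, as noted in the lead-in.
tmpdir_status() {
    uid=$1 dir=$2
    if [ ! -d "$dir" ]; then echo missing; return 0; fi
    if [ "$uid" = 0 ]; then echo ok; return 0; fi
    set -- $(ls -ldn "$dir")      # $1 = mode string, $3 = numeric owner
    mode=$1 owner=$3
    case $mode in
        ????????w*) echo ok ;;    # world-writable, like /tmp itself
        ??w*) if [ "$owner" = "$uid" ]; then echo ok; else echo mismatch; fi ;;
        *) echo mismatch ;;
    esac
}

# Combine the above for one pid.
check_pid() {
    dir=$(pid_tmpdir "$1")
    if [ -z "$dir" ]; then echo unset; return 0; fi
    tmpdir_status "$(pid_euid "$1")" "$dir"
}

# Report every pid given on the command line.
for pid in "$@"; do
    printf '%s: TMPDIR=%s -> %s\n' "$pid" "$(pid_tmpdir "$pid")" "$(check_pid "$pid")"
done
```

A result of "mismatch" means the daemon kept the TMPDIR of the session that started it after changing uid, which is the case described above for /tmp/user/0.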

