Re: rlm_counter: Failed to open file /etc/raddb/db.daily: Permission denied

Thu, 13 Nov 2008 15:25:40 -0800 

The default user and group have not been modified.
The server DOES NOT run as root. It always starts as root, but changes its self. 

...from radiusd.conf
#   We STRONGLY recommend that you run the server with as few permissions
#   as possible.  That is, if you're not using shadow passwords, the
#   user and group items below should be set to radius'.

They are:

user = radiusd
group = radiusd


In fact, the db.daily file was created by the application and this is 
the sole reason for the file's ownership being what it is.



In addition I have moved the location to /tmp where everyone has 
permission and it still fails.


This is a ps after "service start radiusd":
UID        PID  PPID  C STIME TTY          TIME CMD
radiusd   6909     1  0 Nov12 ?        00:00:00 /usr/sbin/radiusd

This is a ps after "/usr/sbin/radiusd -X":
UID        PID  PPID  C STIME TTY          TIME CMD
radiusd   6998  6933  5 15:48 pts/0    00:00:00 /usr/sbin/radiusd -X

This is a ps after "strace /usr/sbin/radiusd":
UID        PID  PPID  C STIME TTY          TIME CMD
radiusd   7004     1  0 15:50 ?        00:00:00 /usr/sbin/radiusd

In all cases its running as radiusd.

So, any more ideas on how to fix this?

-Ted-

Alan DeKok wrote:

Ted Lum wrote:

  

Any idea how to fix this?

    


  Don't edit the default configuration files to break them.

  The default configuration files have the server running as root.
You've changed that to a user who does NOT have permission to read the
configuration files.


  

Wed Nov 12 21:29:16 2008 : Error: rlm_counter: Failed to open file
/etc/raddb/db.daily: Permission denied

    

...

  

/etc/raddb
-rw-------  1 radiusd radiusd 12312 Nov 12 21:29 db.daily

    


  The server isn't running as user "radiusd/radiusd".  Fix that.


  

This works:
# /usr/sbin/radiusd -X

    


 Becuse you're running it as root.


  

This works:
# strace /usr/sbin/radiusd

    


  Because you're running it as root.


  

This does not work:
# service radiusd start
Starting RADIUS server:                                    [FAILED]

    


  Because it changes UID's, and does not run as root.

  Alan DeKok.


  



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to