Alan DeKok <[email protected]> writes:
> Alan Buxey wrote:
>> hmm, command.c and auth.c appear to have been updated but
>> still see no joy with 'radmin' as munin user (who is in radiusd group)
>>
>> Mon Sep 5 15:55:04 2011 : Error: Unauthorized connection to
>> /var/run/radiusd/radiusd.sock from gid 101
>
> My guess is that the "get peer id" function is returning only *one*
> group. Munin is first part of the "munin" group, but secondly part of
> the "radmin" group. So... the socket asks "which group is connecting",
> and gets told "munin".

I assume that's because the function uses the sockopt

"
SO_PEERCRED
    Return the credentials of the foreign process connected to
    this socket. This is only possible for connected AF_UNIX
    stream sockets and AF_UNIX stream and datagram socket
    pairs created using socketpair(2); see unix(7). The
    returned credentials are those that were in effect at the
    time of the call to connect(2) or socketpair(2). Argument
    is a ucred structure. This socket option is read-only.
"

So how about just running 'sg radiusd radmin'? Would that work? And be
an acceptable workaround?
Bjørn