Re: Running radiusd as the nobody user (FreeRADIUS Users)
As with most things in networking, when you ask for help, the answer
comes rushing out to you. Here's what worked.

1. Created radiusd user and the radiusd group, radiusd group is the primary for the radiusd user.

2. Do this:

[root@p doc]# chmod -R -rwx /etc/raddb
[root@p doc]# chmod u+rwx /etc/raddb
[root@p doc]# chmod u+rwx /etc/raddb/certs/
[root@p doc]# chmod u+rwx /etc/raddb/certs/demoCA/
[root@p doc]# chmod -R u+rw /etc/raddb
[root@p doc]# mkdir /var/run/radiusd
[root@p doc]# chown radiusd:radiusd /var/run/radiusd.pid
[root@p doc]# chown -R radiusd:radius /var/run/radiusd
[root@p run]# /etc/init.d/radiusd stop
Stopping RADIUS server: [FAILED]
[root@p run]# /etc/init.d/radiusd start
Starting RADIUS server: [ OK ]
[root@p run]# /etc/init.d/radiusd status
radiusd (pid 6239) is running...
[root@p8806ux240 run]#

On Apr 1, 2005 4:02 PM, Dennis Comeaux <dennis.comeaux@gmail.com> wrote:
> Additionally - here's the ls -l on /etc/raddb:
>
> [root@p8806ux240 root]# ls -l /etc/raddb
> total 460
> -rw------- 1 radiusd radiusd 422 Feb 28 10:40 acct_users
> -rw------- 1 radiusd radiusd 3454 Feb 28 10:40 attrs
> drwxrwxrwx 3 radiusd radiusd 4096 Mar 16 16:56 certs
> -rw------- 1 radiusd radiusd 189 Feb 28 10:40 clients
> -rw------- 1 radiusd radiusd 3200 Mar 22 08:19 clients.conf
> -rw------- 1 radiusd radiusd 3135 Mar 16 16:45 clients.conf~
> -rw------- 1 radiusd radiusd 935 Feb 28 10:40 dictionary
> -rw------- 1 radiusd radiusd 9228 Feb 28 16:41 eap.conf
> -rw------- 1 radiusd radiusd 9223 Feb 28 16:40 eap.conf~
> -rw------- 1 radiusd radiusd 8266 Feb 28 10:40 experimental.conf
> -rw------- 1 radiusd radiusd 2396 Feb 28 10:40 hints
> -rw------- 1 radiusd radiusd 1604 Feb 28 10:40 huntgroups
> -rw------- 1 radiusd radiusd 2368 Mar 2 10:56 #ldap.attrmap#
> -rw------- 1 radiusd radiusd 2368 Mar 2 09:27 ldap.attrmap
> -rw------- 1 radiusd radiusd 2333 Feb 28 10:40 ldap.attrmap~
> -rw------- 1 radiusd radiusd 9330 Feb 28 10:40 mssql.conf
> -rw------- 1 radiusd radiusd 1020 Feb 28 10:40 naslist
> -rw------- 1 radiusd radiusd 856 Feb 28 10:40 naspasswd
> -rw------- 1 radiusd radiusd 12267 Feb 28 10:40 oraclesql.conf
> -rw------- 1 radiusd radiusd 14156 Feb 28 10:40 postgresql.conf
> -rw------- 1 radiusd radiusd 531 Feb 28 10:40 preproxy_users
> -rw------- 1 radiusd radiusd 8862 Feb 28 10:40 proxy.conf
> -rw------- 1 radiusd radiusd 58054 Mar 30 12:34 #radiusd.conf#
> -rw------- 1 radiusd radiusd 58052 Apr 1 15:51 radiusd.conf
> -rw------- 1 radiusd radiusd 58052 Apr 1 15:50 radiusd.conf~
> -rw------- 1 radiusd radiusd 57852 Feb 28 10:54 radiusd.conf.bkup_050228
> -rw------- 1 radiusd radiusd 187 Feb 28 10:40 realms
> -rw------- 1 radiusd radiusd 1405 Feb 28 10:40 snmp.conf
> -rw------- 1 radiusd radiusd 13892 Feb 28 10:40 sql.conf
> -rw------- 1 radiusd radiusd 7118 Mar 2 16:49 users
> -rw------- 1 radiusd radiusd 7115 Mar 2 16:49 users~
> -rw------- 1 radiusd radiusd 7267 Feb 28 10:40 x99.conf
> -rw------- 1 radiusd radiusd 4165 Feb 28 10:40 x99passwd.sample
>
>
> On Apr 1, 2005 4:00 PM, Dennis Comeaux <dennis.comeaux@gmail.com> wrote:
> > Here's where I am now:
> >
> > I have a user named radiusd in group radiusd.
> >
> > I have tried chmod -R a+rwx /etc/raddb. I still get the
> > 5968:error:0200100D:system library:fopen:Permission
> > Denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
> > error.
> >
> > ls -l on the cacert.pem file shows that the file has rwxrwxrwx. =(
> >
> > I know we don't want to run the server as root, but I'm running out of
> > options in this Red Hat 9 system.
> >
> > Could it be rights to the ssl libraries????? The 1st error is the
> > fopen one, are the others symptoms of the 1st one?
> >
> > Here's the current rights setup and execution:
> >
> > [root@p8806ux240 root]# ls -l /etc/raddb/certs/demoCA/
> > total 20
> > -rwxrwxrwx 1 radiusd radiusd 1432 Feb 28 11:26 cacert.pem
> > -rwxrwxrwx 1 radiusd radiusd 276 Feb 28 10:40 index.txt
> > -rwxrwxrwx 1 radiusd radiusd 140 Feb 28 10:40 index.txt.old
> > -rwxrwxrwx 1 radiusd radiusd 3 Feb 28 10:40 serial
> > -rwxrwxrwx 1 radiusd radiusd 3 Feb 28 10:40 serial.old
> > [root@p8806ux240 root]# /etc/init.d/radiusd start
> > Starting RADIUS server: Fri Apr 1 15:57:43 2005 : Info: Starting -
> > reading configuration files ...
> > 5975:error:0200100D:system library:fopen:Permission
> > denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
> > 5975:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
> > 5975:error:0B084002:x509 certificate
> > routines:X509_load_cert_crl_file:system lib:by_file.c:279:
> > [FAILED]
> > [root@p8806ux240 root]# /usr/local/sbin/radiusd -A
> > Fri Apr 1 15:57:51 2005 : Info: Starting - reading configuration files ...
> > 5977:error:0200100D:system library:fopen:Permission
> > denied:bss_file.c:104:fopen('/etc/raddb/certs/demoCA/cacert.pem','r')
> > 5977:error:2006D002:BIO routines:BIO_new_file:system lib:bss_file.c:109:
> > 5977:error:0B084002:x509 certificate
> > routines:X509_load_cert_crl_file:system lib:by_file.c:279:
> > [root@p8806ux240 root]#
> >
>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
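Added example, not part of the original thread: opening a file needs search (x) permission on every directory above it as well as read permission on the file, so a world-readable cacert.pem can still fail with fopen "Permission denied". The script below walks each component of a path and reports the first one whose mode bits stop a given account; the function names first_denied and check_user are made up for this example, and GNU stat on Linux is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux with GNU stat.
# Evaluates classic owner/group/other mode bits only: no ACLs, SELinux, or
# root override. Directories need search (x); the final file needs read (r).

# first_denied UID "GID GID ..." PATH
# Prints the first path component the account cannot pass and returns 1;
# prints nothing and returns 0 when every component allows access.
# The body runs in a subshell, so IFS and "set -f" do not leak to the caller.
first_denied() (
    uid=$1 gids=$2 target=$3
    case $target in /*) cur=/ ;; *) cur=. ;; esac
    IFS=/; set -f
    set -- $target                        # split the path into components
    unset IFS
    for part in . "$@"; do
        case $part in
            "") continue ;;               # empty field from a leading or doubled "/"
            .)  ;;                        # check the starting directory itself
            *)  cur=${cur%/}/$part ;;
        esac
        read -r mode fuid fgid <<EOF
$(stat -L -c '%a %u %g' "$cur" 2>/dev/null)
EOF
        if [ -z "$mode" ]; then echo "$cur (cannot stat)"; exit 2; fi
        if [ -d "$cur" ]; then need=1 what=search; else need=4 what=read; fi
        m=$((0$mode))                     # stat prints octal, e.g. 700
        if [ "$fuid" = "$uid" ]; then
            bits=$(( (m >> 6) & 7 ))      # owner triad
        else
            case " $gids " in
                *" $fgid "*) bits=$(( (m >> 3) & 7 )) ;;   # group triad
                *)           bits=$(( m & 7 )) ;;          # other triad
            esac
        fi
        if [ $(( bits & need )) -eq 0 ]; then
            echo "$cur (mode $mode, needs $what)"
            exit 1
        fi
    done
    exit 0
)

# check_user USER PATH: run the check for a named account such as radiusd.
check_user() {
    first_denied "$(id -u "$1")" "$(id -G "$1")" "$2"
}
```

Run it as root so every component can be inspected, for example `check_user radiusd /etc/raddb/certs/demoCA/cacert.pem`. Where util-linux is installed, `namei -l <path>` prints the same per-component modes for a manual review.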