NAS info + MySQL

Marcin Jessa lists at yazzy.org
Tue Jun 7 10:38:43 CEST 2005


On Mon, 06 Jun 2005 21:41:22 -0400
"Alan DeKok" <aland at ox.org> wrote:


> #!/bin/sh
> [ -f /var/log/radius/radiusd.pid] && kill -HUP `cat /var/log/radius/radiusd.pid`
> 
>   It doesn't need to exec radiusd.

One more thing about this solution is you would need to either run radiusd as root or chown radiususer:radiusgroup the radius configs in order to be able to HUP radiusd.
Radius daemon is started as root and then switched to the unprivileged user defined in radiusd.conf
Radius will die if it gets signal HUP and the config files are not owned by the unprivileged user.
Having radius configs owned by unprivileged user increases security risk, since this will grant an attacker who manages to abuse the server access to change the configs...
Either way, sending -HUP signal to a running radius daemon seems like a bad idea.

Cheers,
Marcin



More information about the Freeradius-Users mailing list