rlm_counter: Failed to open file /etc/raddb/db.daily:, Permission denied

Ted Lum freeradius.org at tedworld.com
Sat Nov 15 00:25:05 CET 2008


Wow, had to look at that for a while before I spotted the difference. 
Mine, however, already uses {}, so that's not it either. Thanks though.

-Ted-

Romain Mercier wrote:
> Hi,
>
> I got the same issue and I solved it modifying the file :
> /usr/local/etc/raddb/radiusd.conf
>
> I replaced the line :
> db_dir = $(raddbdir)
>
> By :
> db_dir = ${raddbdir}
>
> I use freeRadius 2.0.5 on a freeBSD 6.3
>
>
> freeradius-users-request at lists.freeradius.org a écrit :
>> Message: 2
>> Date: Thu, 13 Nov 2008 18:21:17 -0500
>> From: Ted Lum <freeradius.org at tedworld.com>
>> Subject: Re: rlm_counter: Failed to open file /etc/raddb/db.daily:
>> 	Permission	denied
>> To: Alan DeKok <aland at deployingradius.com>
>> Cc: FreeRadius users mailing list
>> 	<freeradius-users at lists.freeradius.org>
>> Message-ID: <491CB66D.2080809 at tedworld.com>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> The default user and group have not been modified.
>> The server DOES NOT run as root. It always starts as root, but changes 
>> its self.
>>
>> ...from radiusd.conf
>> #   We STRONGLY recommend that you run the server with as few permissions
>> #   as possible.  That is, if you're not using shadow passwords, the
>> #   user and group items below should be set to radius'.
>>
>>  They are:
>>
>> user = radiusd
>> group = radiusd
>>
>> In fact, the db.daily file was created by the application and this is 
>> the sole reason for the file's ownership being what it is.
>>
>> In addition I have moved the location to /tmp where everyone has 
>> permission and it still fails.
>>
>> This is a ps after "service start radiusd":
>> UID        PID  PPID  C STIME TTY          TIME CMD
>> radiusd   6909     1  0 Nov12 ?        00:00:00 /usr/sbin/radiusd
>>
>> This is a ps after "/usr/sbin/radiusd -X":
>> UID        PID  PPID  C STIME TTY          TIME CMD
>> radiusd   6998  6933  5 15:48 pts/0    00:00:00 /usr/sbin/radiusd -X
>>
>> This is a ps after "strace /usr/sbin/radiusd":
>> UID        PID  PPID  C STIME TTY          TIME CMD
>> radiusd   7004     1  0 15:50 ?        00:00:00 /usr/sbin/radiusd
>>
>> In all cases its running as radiusd.
>>
>> So, any more ideas on how to fix this?
>>
>> -Ted-
>>
>> Alan DeKok wrote:
>>   
>>> Ted Lum wrote:
>>>   
>>>     
>>>> Any idea how to fix this?
>>>>     
>>>>       
>>>   Don't edit the default configuration files to break them.
>>>
>>>   The default configuration files have the server running as root.
>>> You've changed that to a user who does NOT have permission to read the
>>> configuration files.
>>>
>>>   
>>>     
>>>> Wed Nov 12 21:29:16 2008 : Error: rlm_counter: Failed to open file
>>>> /etc/raddb/db.daily: Permission denied
>>>>     
>>>>       
>>> ...
>>>   
>>>     
>>>> /etc/raddb
>>>> -rw-------  1 radiusd radiusd 12312 Nov 12 21:29 db.daily
>>>>     
>>>>       
>>>   The server isn't running as user "radiusd/radiusd".  Fix that.
>>>
>>>   
>>>     
>>>> This works:
>>>> # /usr/sbin/radiusd -X
>>>>     
>>>>       
>>>  Becuse you're running it as root.
>>>
>>>   
>>>     
>>>> This works:
>>>> # strace /usr/sbin/radiusd
>>>>     
>>>>       
>>>   Because you're running it as root.
>>>
>>>   
>>>     
>>>> This does not work:
>>>> # service radiusd start
>>>> Starting RADIUS server:                                    [FAILED]
>>>>     
>>>>       
>>>   Because it changes UID's, and does not run as root.
>>>
>>>   Alan DeKok.
>>>
>>>   
>>>     
>>
>>
>>   
>
>
> -- 
>
>
>
> 	
>
> Romain Mercier
>
> Université d'Angers - Direction des Systèmes d'Infrormation
> Service Systèmes et Réseaux
> Tel/Fax : 02-41-22-67-62/51
> @ : romain.mercier at univ-angers.fr
>
>
> -- 
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Freeradius-Users mailing list