rlm_counter: Failed to open file /etc/raddb/db.daily:, Permission denied

Ted Lum freeradius.org at tedworld.com
Sat Nov 15 00:49:04 CET 2008


SOLVED: Found the problem. It's the dreaded SELinux. It's tripping over 
one of the policies.

Ted Lum wrote:
> Wow, had to look at that for a while before I spotted the difference. 
> Mine, however, already uses {}, so that's not it either. Thanks though.
>
> -Ted-
>
> Romain Mercier wrote:
>> Hi,
>>
>> I got the same issue and I solved it by modifying the file:
>> /usr/local/etc/raddb/radiusd.conf
>>
>> I replaced the line:
>> db_dir = $(raddbdir)
>>
>> By:
>> db_dir = ${raddbdir}
>>
>> I use freeRadius 2.0.5 on a freeBSD 6.3
>>
>>
>> freeradius-users-request at lists.freeradius.org wrote:
>>> Message: 2
>>> Date: Thu, 13 Nov 2008 18:21:17 -0500
>>> From: Ted Lum <freeradius.org at tedworld.com>
>>> Subject: Re: rlm_counter: Failed to open file /etc/raddb/db.daily:
>>>     Permission    denied
>>> To: Alan DeKok <aland at deployingradius.com>
>>> Cc: FreeRadius users mailing list
>>>     <freeradius-users at lists.freeradius.org>
>>> Message-ID: <491CB66D.2080809 at tedworld.com>
>>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>>
>>> The default user and group have not been modified.
>>> The server DOES NOT run as root. It always starts as root, but 
>>> changes itself.
>>>
>>> ...from radiusd.conf
>>> #   We STRONGLY recommend that you run the server with as few permissions
>>> #   as possible.  That is, if you're not using shadow passwords, the
>>> #   user and group items below should be set to radius'.
>>>
>>>  They are:
>>>
>>> user = radiusd
>>> group = radiusd
>>>
>>> In fact, the db.daily file was created by the application and this 
>>> is the sole reason for the file's ownership being what it is.
>>>
>>> In addition I have moved the location to /tmp where everyone has 
>>> permission and it still fails.
>>>
>>> This is a ps after "service start radiusd":
>>> UID        PID  PPID  C STIME TTY          TIME CMD
>>> radiusd   6909     1  0 Nov12 ?        00:00:00 /usr/sbin/radiusd
>>>
>>> This is a ps after "/usr/sbin/radiusd -X":
>>> UID        PID  PPID  C STIME TTY          TIME CMD
>>> radiusd   6998  6933  5 15:48 pts/0    00:00:00 /usr/sbin/radiusd -X
>>>
>>> This is a ps after "strace /usr/sbin/radiusd":
>>> UID        PID  PPID  C STIME TTY          TIME CMD
>>> radiusd   7004     1  0 15:50 ?        00:00:00 /usr/sbin/radiusd
>>>
>>> In all cases it's running as radiusd.
>>>
>>> So, any more ideas on how to fix this?
>>>
>>> -Ted-
>>>
>>> Alan DeKok wrote:
>>>  
>>>> Ted Lum wrote:
>>>>      
>>>>> Any idea how to fix this?
>>>>>           
>>>>   Don't edit the default configuration files to break them.
>>>>
>>>>   The default configuration files have the server running as root.
>>>> You've changed that to a user who does NOT have permission to read the
>>>> configuration files.
>>>>
>>>>      
>>>>> Wed Nov 12 21:29:16 2008 : Error: rlm_counter: Failed to open file
>>>>> /etc/raddb/db.daily: Permission denied
>>>>>           
>>>> ...
>>>>      
>>>>> /etc/raddb
>>>>> -rw-------  1 radiusd radiusd 12312 Nov 12 21:29 db.daily
>>>>>           
>>>>   The server isn't running as user "radiusd/radiusd".  Fix that.
>>>>
>>>>      
>>>>> This works:
>>>>> # /usr/sbin/radiusd -X
>>>>>           
>>>>  Because you're running it as root.
>>>>
>>>>      
>>>>> This works:
>>>>> # strace /usr/sbin/radiusd
>>>>>           
>>>>   Because you're running it as root.
>>>>
>>>>      
>>>>> This does not work:
>>>>> # service radiusd start
>>>>> Starting RADIUS server:                                    [FAILED]
>>>>>           
>>>>   Because it changes UID's, and does not run as root.
>>>>
>>>>   Alan DeKok.
>>>>
>>>>       
>>>
>>>
>>>   
>>
>>
>> -- 
>>
>>
>>
>>     
>>
>> Romain Mercier
>>
>> Université d'Angers - Direction des Systèmes d'Information
>> Service Systèmes et Réseaux
>> Tel/Fax : 02-41-22-67-62/51
>> @ : romain.mercier at univ-angers.fr
>>
>>
>
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
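
When file ownership and mode look right but a daemon still gets "Permission denied", as in the thread above, the SELinux AVC denials in the audit log show which label pair was refused. The following is an added example, not part of the original thread or of FreeRADIUS: it parses AVC records and lists the denials for one process name. The sample log lines, the SELinux type names in them and the function names are constructed for illustration; on a live system the input would normally be the contents of /var/log/audit/audit.log.

```python
import re

# Constructed audit.log lines (not from the thread); types, pids and inodes are illustrative.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1226534956.101:412): avc:  denied  { write } for  pid=6909 comm="radiusd" name="db.daily" dev=dm-0 ino=98311 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1226534956.101:412): arch=40000003 syscall=5 success=no exit=-13 comm="radiusd" exe="/usr/sbin/radiusd"
type=AVC msg=audit(1226534960.553:413): avc:  denied  { read } for  pid=7100 comm="httpd" name="index.html" dev=dm-0 ino=5521 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1226535002.220:419): avc:  denied  { read write } for  pid=6909 comm="radiusd" name="db.daily" dev=dm-0 ino=98311 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc_denials(log_text):
    """Return one dict per AVC denial record found in audit.log text."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line)
        if not m:
            continue  # SYSCALL, PATH and other record types are ignored
        rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
        rec['perms'] = m.group('perms').split()
        rec['serial'] = int(m.group('serial'))
        # SELinux contexts are user:role:type:level; the type drives the decision
        rec['source_type'] = rec['scontext'].split(':')[2]
        rec['target_type'] = rec['tcontext'].split(':')[2]
        denials.append(rec)
    return denials

def denials_for(log_text, comm):
    """Denials for one process name, e.g. the daemon that reports EACCES."""
    return [d for d in parse_avc_denials(log_text) if d.get('comm') == comm]

def summarize(denials):
    """Collapse to unique (source type, target type, class, perms, name)."""
    return sorted({(d['source_type'], d['target_type'], d['tclass'],
                    ' '.join(d['perms']), d.get('name', '?')) for d in denials})

if __name__ == '__main__':
    for row in summarize(denials_for(SAMPLE_AUDIT_LOG, 'radiusd')):
        print('%s -> %s (%s) denied { %s } on %s' % row)
```

A denial whose target type does not match where the file lives points at a labelling or policy problem rather than at Unix ownership, which is why moving the file to a world-writable directory does not help.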



