Munin Graphs

John Dennis jdennis at redhat.com
Wed Oct 14 16:14:56 CEST 2009


On 10/14/2009 09:00 AM, Neville wrote:
>> Hi,
>>
>>> I've installed the freeradius_auth plugin
>>>
>>> added to plugins.conf
>>>
>>> [freeradius*]
>>> user root
>>>
>>> But still I get the following error when the plugin is run...
>>>
>>> radmin: Failed connecting to /usr/local/var/run/radiusd/radiusd.sock:
>>> Permission denied
>>
>> Edit the munin/plugins/freeradius* files and put the correct user into
>> the RADMIN= part. You really should NEVER be using the root user -
>> simply use the user that you run radiusd as (once again, should never be
>> root) - check the radiusd.sock to see who/what owns it (ls -l
>> /usr/local/var/run/radiusd/radiusd.sock)
>
> Thx Alan, the problem is that the radiusd is owned by root, so not quite
> sure how to ensure at system startup that /etc/init.d/radiusd is actually
> run by the radiusd user in /etc/passwd.
>
> I've done a chown -R radiusd:radiusd on the programme and
> /usr/local/etc/raddb, but the radiusd.sock file is owned by root.

Please read the comments in /etc/raddb/radiusd.conf concerning user and 
group. The line in the config files starts with:

"user/group: The name (or #number) of the user/group to run radiusd as"

You don't want to change the permissions the way you did. The correct 
behavior is for radiusd to be owned by root. The server needs root 
privileges when it starts up, but then it subsequently drops those 
privileges to what is specified in the config file.

I do seem to recall an issue where at start up the server had not yet 
dropped privileges when it created the domain socket, which it should. 
I'm sorry, I don't recall the resolution of that issue.

The correct behavior is for both the server and client trying to connect 
to the local domain socket to be the *same* user, normally radius or 
radiusd. Each of these is specified in its respective config file.

-- 
John Dennis <jdennis at redhat.com>

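The ownership check discussed in this thread, as an added example that is not part of the original post or of FreeRADIUS itself: it reads the `user` setting from radiusd.conf, compares it with the owner of the control socket, and then with the account the client (here, the munin plugin) runs as. The function names are hypothetical, and it assumes the setting appears as a `user = name` or `user = #number` line.

```shell
#!/bin/sh
# Added example (not from the post): does the control socket belong to the
# user radiusd drops privileges to, and does the client run as that user?

# Print the first uncommented "KEY = value" from a config file.
# Assumption: the setting is written as "user = name" or "user = #number".
conf_value() {  # conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(#\{0,1\}[^[:space:]#]*\).*/\1/p" "$2" |
        head -n 1
}

# Owner of a path, by name and by numeric uid (third column of ls -l).
owner_name() { ls -ld  "$1" | awk '{print $3}'; }
owner_uid()  { ls -ldn "$1" | awk '{print $3}'; }

# Returns 0 if everything matches, 1 if the socket owner differs from the
# configured user, 2 if no user is configured, 3 if the client user differs
# from the socket owner.
check_socket() {  # check_socket CONF SOCKET CLIENT_USER
    want=$(conf_value user "$1")
    if [ -z "$want" ]; then
        echo "no 'user' set in $1: radiusd keeps the user it was started as"
        return 2
    fi
    case $want in
        '#'*) want=${want#?}; have=$(owner_uid "$2") ;;   # "#number" form
        *)    have=$(owner_name "$2") ;;
    esac
    if [ "$have" != "$want" ]; then
        echo "$2 is owned by '$have' but $1 says user = '$want'"
        return 1
    fi
    if [ "$3" != "$(owner_name "$2")" ]; then
        echo "client runs as '$3' but $2 is owned by '$(owner_name "$2")'"
        return 3
    fi
    echo "ok: server, socket and client all use '$3'"
}

# Usage with the paths from this thread (the client user is an assumption):
#   sh check.sh /etc/raddb/radiusd.conf \
#       /usr/local/var/run/radiusd/radiusd.sock radiusd
if [ "$#" -eq 3 ]; then check_socket "$@"; fi
```

A return code of 1 on a running server corresponds to the situation in the thread, where the socket stays owned by root although a different user is configured.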



More information about the Freeradius-Users mailing list