Pre release of 2.1.12

Bjørn Mork bjorn at mork.no
Mon Sep 5 20:30:44 CEST 2011


Alan DeKok <aland at deployingradius.com> writes:
> Alan Buxey wrote:
>> hmm, command.c and auth.c appear to have been updated but
>> still see no joy with 'radmin' as munin user (who is in radiusd group)
>> 
>> Mon Sep  5 15:55:04 2011 : Error: Unauthorized connection to /var/run/radiusd/radiusd.sock from gid 101
>
>   My guess is that the "get peer id" function is returning only *one*
> group.  Munin is first part of the "munin" group, but secondly part of
> the "radmin" group.  So... the socket asks "which group is connecting",
> and gets told "munin".

I assume that's because the function uses the sockopt
"
       SO_PEERCRED
              Return the credentials of the foreign process connected to
              this socket.  This is only possible for connected AF_UNIX
              stream sockets and AF_UNIX stream and datagram socket
              pairs created using socketpair(2); see unix(7).  The
              returned credentials are those that were in effect at the
              time of the call to connect(2) or socketpair(2).  Argument
              is a ucred structure.  This socket option is read-only.
"

So how about just running 'sg radiusd radmin'?  Would that work?  And be
an acceptable workaround?


Bjørn