Unable to start RADIUS (Permissions)

Smith, James james.smith at saabsensis.com
Wed Nov 15 18:49:02 CET 2017


Thanks Alan. 

I'm logged in as root and am starting radius as root. Root has read permissions to everything. 

/etc/raddb/mods-config/files
-rwxrwxr--  1 root radiusd 9656 Nov 15 16:03 authorize

Jim
-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+james.smith=saabsensis.com at lists.freeradius.org] On Behalf Of Alan Buxey
Sent: Wednesday, November 15, 2017 12:26 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Unable to start RADIUS (Permissions)

Hi

Just ensure that all the files are readable by the user the Daemon runs as
- radiusd?

alan

On 15 Nov 2017 5:16 pm, "Smith, James" <james.smith at saabsensis.com> wrote:

> Hello,
> I've attached output from a radius -X command in a text file to 
> provide more information as to what's going on.
>
> I'm receiving the following error:
>  # Instantiating module "files" from file /etc/raddb/mods-enabled/files
>   files {
>         filename = "/etc/raddb/mods-config/files/authorize"
> Unable to open file "/etc/raddb/mods-config/files/authorize": 
> Permission denied
>   }
> /etc/raddb/mods-enabled/files[9]: Invalid configuration for module "files"
>
> For /etc/raddb/mods-config/files/authorize I tried to make the 
> permissions r-w-x for root and radius group and read for all other users...
> so 774 but I'm not having any luck getting radius to start. When I try 
> to give full permission for testing (777), I get the same error.
>
> I also tried to change /etc/raddb/mods-available/files to 777 just to 
> test and I receive the following:
>
> Configuration file /etc/raddb/mods-enabled/files is globally writable.
> Refusing to start due to insecure configuration.
> Errors reading or parsing /etc/raddb/radiusd.conf
>
> Makes sense since it's insecure.
>
> Hopefully there is enough information to pin point what's actually 
> going on.
>
> Thanks,
> Jim
>
> This message is intended only for the addressee and may contain 
> information that is company confidential or privileged. Any technical 
> data in this message may be exported only in accordance with the U.S.
> International Traffic in Arms Regulations (22 CFR Parts 120-130) or 
> the Export Administration Regulations (15 CFR Parts 730-774). 
> Unauthorized use is strictly prohibited and may be unlawful. If you 
> are not the intended recipient, or the person responsible for 
> delivering to the intended recipient, you should not read, copy, 
> disclose or otherwise use this message. If you have received this 
> email in error, please delete it, and advise the sender immediately.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/ 
> list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
This message is intended only for the addressee and may contain information that is company confidential or privileged.  Any technical data in this message may be exported only in accordance with the U.S. International Traffic in Arms Regulations (22 CFR Parts 120-130) or the Export Administration Regulations (15 CFR Parts 730-774). Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, or the person responsible for delivering to the intended recipient, you should not read, copy, disclose or otherwise use this message. If you have received this email in error, please delete it, and advise the sender immediately. 
-          



More information about the Freeradius-Users mailing list