Hi, I use daemontool's supervise to manage the RADIUS service, and have been doing it for years. Now that I am migrating freeradius to another server, I am using Centos6 RPM to install the software versus compiling from source, and I am getting the following: 2015-01-30 10:52:42.518 server backbone { # from file etc/sites-enabled/backbone 2015-01-30 10:52:42.518 modules { 2015-01-30 10:52:42.518 Module: Creating Auth-Type = digest 2015-01-30 10:52:42.518 Module: Checking authenticate {...} for more modules to load 2015-01-30 10:52:42.518 Module: Linked to module rlm_digest 2015-01-30 10:52:42.518 Module: Instantiating module "digest" from file etc/modules/digest 2015-01-30 10:52:42.518 Module: Checking authorize {...} for more modules to load 2015-01-30 10:52:42.518 Module: Instantiating module "files_backbone" from file etc/radiusd.conf 2015-01-30 10:52:42.518 files files_backbone { 2015-01-30 10:52:42.518 usersfile = "etc/backbone/users" 2015-01-30 10:52:42.518 acctusersfile = "etc/backbone/acct_users" 2015-01-30 10:52:42.518 preproxy_usersfile = "etc/backbone/preproxy_users" 2015-01-30 10:52:42.518 compat = "no" 2015-01-30 10:52:42.518 } 2015-01-30 10:52:42.518 etc/backbone/users[171]: Could not open included file /home/crm/local-users/monitor: Permission denied 2015-01-30 10:52:42.519 Errors reading etc/backbone/users 2015-01-30 10:52:42.519 etc/radiusd.conf[681]: Instantiation failed for module "files_backbone" 2015-01-30 10:52:42.519 etc/sites-enabled/backbone[177]: Failed to load module "files_backbone". 2015-01-30 10:52:42.519 etc/sites-enabled/backbone[87]: Errors parsing authorize section. After this, the program stops, and supervise tries again and again to restart, always failing here. I have double-checked permissions, and do not see where I could be denying [root@dhcp1 radius]# ls -ld /home drwxr-xr-x. 6 root root 4096 Jan 30 09:49 /home [root@dhcp1 radius]# ls -ld /home/crm/ drwxr-xr-x. 7 crm crm 4096 Jan 30 10:22 /home/crm/ [root@dhcp1 radius]# ls -ld /home/crm/local-users/ drwxr-xr-x. 2 crm crm 4096 Nov 17 2010 /home/crm/local-users/ [root@dhcp1 radius]# ls -l /home/crm/local-users/ total 28 -rw-r--r--. 1 crm crm 253 Oct 8 15:25 admin -rw-r--r--. 1 crm crm 252 Jan 21 2011 monitor -rw-r--r--. 1 crm crm 943 Oct 8 15:25 noc -rw-r--r--. 1 crm crm 131 Oct 8 15:25 ps -rw-r--r--. 1 crm crm 668 Oct 8 15:25 super_tech -rw-r--r--. 1 crm crm 436 Oct 8 15:25 vpn Now, when I execute the server from the command-line manually, the server starts out without problems: ... server backbone { # from file etc/sites-enabled/backbone modules { Module: Creating Auth-Type = digest Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_digest Module: Instantiating module "digest" from file etc/modules/digest Module: Checking authorize {...} for more modules to load Module: Instantiating module "files_backbone" from file etc/radiusd.conf files files_backbone { usersfile = "etc/backbone/users" acctusersfile = "etc/backbone/acct_users" preproxy_usersfile = "etc/backbone/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Checking accounting {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server ... Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address * port 1645 Listening on accounting address * port 1646 Ready to process requests. The only issue is that SELINUX is enabled. After I disabled SELINUX, and restarted the server, and now the service starts without issues. After looking at the audit log, I see that: type=AVC msg=audit(1422637776.619:4172): avc: denied { search } for pid=9101 comm="radiusd" name="home" dev=dm-0 ino=261125 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1422637776.619:4172): arch=c000003e syscall=2 success=no exit=-13 a0=7fffedebf240 a1=0 a2=1b6 a3=0 items=0 ppid=31859 pid=9101 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="radiusd" exe="/usr/sbin/radiusd" subj=system_u:system_r:radiusd_t:s0 key=(null) So, access is being denied to /home. Since my SELINUX knowledge is limited, I will run with SELINUX disabled, but I still do not understand why it would block access only on non-interactive executions. Maybe there should be mention in the FAQ regarding configuration files residing inside /home, or that SELINUX can make the deamon fail to start due to targeted policies using non standard configuration settings. -- Jorge Valdes