Alan DeKok <aland@deployingradius.com> writes:
Alan Buxey wrote:
hmm, command.c and auth.c appears to have been updated but still see no joy with 'radmin' as munin user (who is in radiusd group)
Mon Sep 5 15:55:04 2011 : Error: Unauthorized connection to /var/run/radiusd/radiusd.sock from gid 101
My guess is that the "get peer id" function is returning only *one* group. Munin is first part of the "munin" group, but secondly part of the "radmin" group. So... the sockets asks "which group is connecting", and gets told "munin".
I assume that's because the function uses the sockopt " SO_PEERCRED Return the credentials of the foreign process connected to this socket. This is only possible for connected AF_UNIX stream sockets and AF_UNIX stream and datagram socket pairs created using socketpair(2); see unix(7). The returned credentials are those that were in effect at the time of the call to connect(2) or socketpair(2). Argu‐ ment is a ucred structure. This socket option is read-only. " So how about just running 'sg radiusd radmin'? Would that work? And be an acceptable workaround? Bjørn