Running radiusd as an unprivileged user
Andrey
andrey at latestwave.com
Thu Jun 2 15:24:53 CEST 2005
> Hi Andrey.
>
> Edit your radiusd.conf and uncomment:
> #user = nobody
> #group = nobody
done that.
> You can manually add new users the radius will run as. Propaly the
> easiest way is to run vipw and copy line from some other service,
> change the uid, gid and the username, edit /etc/group and put there
> your group as well.
have that.
> Something like this should do on FreeBSD:
> radiusd:*:101:101::0:0:Radius Daemon:/var/log/radius:/usr/sbin/nologin
>
> Or Linux
> radiusd:x:101:101:Radius Daemon:/var/log/radius:/bin/false
>
> and in /etc/group
> radiusd:*:101:
>
> chown -R radiusd:radiusd your log file and propaly the config files
chowned the log and config files.
> Then it should look something like:
>
> #ps auxww | grep rad
> radiusd 81708 0.0 1.0 9316 4944 ?? Ss 11:26PM 0:00.01
> /usr/local/sbin/radiusd
>
> Cheers,
> Marcin
>
RESULT: It looks like it's working, but it doesn't authenticate anybody. It
doesn't necessarily give an Access-Reject, but it also doesn't let anyone stay
online. Lets users log in and then kicks them off 15 seconds later. Any ideas?
Thanks for the suggestions.
>
> On Wed, 1 Jun 2005 16:49:37 -0400
> Andrey <andrey at latestwave.com> wrote:
>
>> Hi everyone,
>>
>> Just a quick question about running radiusd as a user other than
>> root. Do I need
>> to compile the server as that user? And do I need to do anything
>> else other than
>> uncomment the lines in radius.conf?
>>
>> Is there a help/doc file about this?
>>
>> Thanks a bunch.
>>
>> ========
>> Andrey
>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list