Running as root to authenticate against system accounts..

Alan DeKok aland at ox.org
Thu Nov 10 21:08:21 CET 2005


Kevin Hanser <kevin at mica.net> wrote:
> So I changed my setup to run the radiusd daemon as root, and tested 
> again.  Sure enough, if radiusd is run as root, I can authenticate 
> against the system.

  Which is why the default is to run as root.  See the "user"
directive in radiusd.conf, and the comments above it.  The only thing
missing in the comments is that you might have to create a shadow
group, and make /etc/shadow readable by that group.

> So now my question is:  What security concerns should I have if I run 
> the radiusd as root?  Is there another way to do this that doesn't 
> require radiusd to run as root?

  See the comments in radiusd.conf.

  Alan DeKok.




More information about the Freeradius-Users mailing list