Radrelay and detail file permissions

Ben Plimpton bplimpton at sopris.net
Fri Mar 31 21:17:39 CEST 2006 

I have setup radius to log detail files for radrelay to use.  I think
that I followed the documentation exactly except for the name of the
detail file.

detail detail-combined {
                detailfile = ${radacctdir}/detail-combined
                detailperm = 0600
                dirperm = 0755
                locking = yes
        }

accounting {
        detail
        detail-combined
	}

FreeRadius logs to this file properly if I don't startup radrelay and
the permissions remain as I would expect they should:

-rw-------  1 radiusd radiusd 1166 Mar 31 12:02 detail-combined

But when I start radrelay the permissions change:

[root at ns1-new radacct]# radrelay -a /var/log/radius/radacct \
-d /etc/raddb -n ns2-new detail-combined

[root at ns1-new radacct]# ls -la total 44
drwx------  9 radiusd radiusd 4096 Mar 31 12:08 .
drwx------  3 radiusd radiusd 4096 Mar 31 12:02 ..
drwxr-xr-x  2 radiusd radiusd 4096 Mar 31 11:42 127.0.0.1
drwxr-xr-x  2 radiusd radiusd 4096 Mar 17 16:17 216.17.128.39
drwxr-xr-x  2 radiusd radiusd 4096 Feb  7 00:30 216.237.65.2
drwxr-xr-x  2 radiusd radiusd 4096 Mar 31 00:00 216.237.67.198
drwxr-xr-x  2 radiusd radiusd 4096 Mar 31 09:34 216.237.67.217
drwxr-xr-x  2 radiusd radiusd 4096 Feb 14 09:49 216.237.72.66
drwxr-xr-x  2 radiusd radiusd 4096 Mar 31 10:39 216.237.77.3
-rw-------  1 root    root       0 Mar 31 12:08 detail-combined
[root at ns1-new radacct]#

I start getting error like this in my radius.log which I would expect
with the file permissions the way they are and radiusd cannot log to the
detail file properly and as a result, radrelay cannot send the
accounting request to the remote server:

Fri Mar 31 12:11:13 2006 : Error: rlm_detail: Couldn't open
file /var/log/radius/radacct/detail-combined: Permission denied

Am I missing something with the way I am starting up radrelay?  Or are
there permissions that I need to check somewhere else?  

Should radrelay be run as user radiusd?  If so, how would I do that?

Also.  My system is running Fedora Core 4 - FreeRadius Ver 1.0.4

Any help is greatly appreciated. Thanks


-- 
"Microsoft is not the answer, it's the question.  NO is the answer."

Ben Plimpton
Network Engineer
bplimpton at sopris.net
970-963-SURF(7873) ext 5174
www.sopris.com

More information about the Freeradius-Users mailing list