ownership change
Alan DeKok
aland at deployingradius.com
Fri Dec 12 20:41:20 CET 2008
Norbert Wegener wrote:
> Upgrading from 2.1.1 to 2.1.3 on a Suse10.2 system and restarting
> radiusd with the identical configuration showed the following message:
>
> We do not own /var/run/radiusd/radiusd.sock.
Ah... a side effect of fixing the "run as unprivileged user", I think.
> Removing radiusd.sock and restarting radiusd solved the problem.
>
> 2.1.3 obviously changed the ownership:
> ls -l /var/run/radiusd/radiusd.sock
> srw-rw---- 1 root radiusd 0 12. Dez 16:20 /var/run/radiusd/radiusd.sock
>
> Shouldn't the ownership still be radiusd.radiusd ?
Yes.
The issue is that the server was change to:
- setuid to radiusd/radiusd
- BUT remember "root"
- start booting
- switch back to root
- open sockets (including ports < 1024) as root
- when done opening sockets, switch back to radiusd/radiusd
The issue is that the file "radiusd.sock" is now opened as root, and
therefore some of the previous logic to check ownerships is wrong.
I'll commit a fix to the "stable" tree tomorrow.
Alan DeKok.
More information about the Freeradius-Users
mailing list