Run as non-privileged user

Alan DeKok aland at
Mon May 5 07:43:08 CEST 2008

Lemaster, Rob wrote:
> Some documentation I've read recommends running FreeRADIUS as user=radius group=radius. It said that you shouldn't use "nobody" because that is reserved for a special purpose (I think it was the Hassel book).

  You should run it as radius/radius.  The problem with using "nobody"
is that all of the other un-privileged accounts will then be able to
read the radius configuation.

> Around line 116 of radiusd.conf, I found the option for "user/group", but the instructions say that you must be root to start the server. If I change this setting, will it prevent the server from starting?

  Start it as root, and it will switch to the user/group you supply.

> What is the official recommended way of running FreeRADIUS as a non-root user?

  user/group = radius/radius
  start it as root.  It will switch uid/gid.

  Alan DeKok.

More information about the Freeradius-Users mailing list