Run as non-privileged user
Alan DeKok
aland at deployingradius.com
Mon May 5 07:43:08 CEST 2008
Lemaster, Rob wrote:
> Some documentation I've read recommends running FreeRADIUS as user=radius group=radius. It said that you shouldn't use "nobody" because that is reserved for a special purpose (I think it was the Hassel book).
You should run it as radius/radius. The problem with using "nobody"
is that all of the other un-privileged accounts will then be able to
read the radius configuation.
> Around line 116 of radiusd.conf, I found the option for "user/group", but the instructions say that you must be root to start the server. If I change this setting, will it prevent the server from starting?
Start it as root, and it will switch to the user/group you supply.
> What is the official recommended way of running FreeRADIUS as a non-root user?
user/group = radius/radius
start it as root. It will switch uid/gid.
Alan DeKok.
More information about the Freeradius-Users
mailing list