rlm_counter: Failed to open file /etc/raddb/db.daily: Permission denied

Ted Lum freeradius.org at tedworld.com
Fri Nov 14 00:21:17 CET 2008


The default user and group have not been modified.
The server DOES NOT run as root. It always starts as root, but changes 
itself.

...from radiusd.conf
#   We STRONGLY recommend that you run the server with as few permissions
#   as possible.  That is, if you're not using shadow passwords, the
#   user and group items below should be set to radius'.

 They are:

user = radiusd
group = radiusd

In fact, the db.daily file was created by the application and this is 
the sole reason for the file's ownership being what it is.

In addition I have moved the location to /tmp where everyone has 
permission and it still fails.

This is a ps after "service start radiusd":
UID        PID  PPID  C STIME TTY          TIME CMD
radiusd   6909     1  0 Nov12 ?        00:00:00 /usr/sbin/radiusd

This is a ps after "/usr/sbin/radiusd -X":
UID        PID  PPID  C STIME TTY          TIME CMD
radiusd   6998  6933  5 15:48 pts/0    00:00:00 /usr/sbin/radiusd -X

This is a ps after "strace /usr/sbin/radiusd":
UID        PID  PPID  C STIME TTY          TIME CMD
radiusd   7004     1  0 15:50 ?        00:00:00 /usr/sbin/radiusd

In all cases it's running as radiusd.

So, any more ideas on how to fix this?

-Ted-

Alan DeKok wrote:
> Ted Lum wrote:
>   
>> Any idea how to fix this?
>>     
>
>   Don't edit the default configuration files to break them.
>
>   The default configuration files have the server running as root.
> You've changed that to a user who does NOT have permission to read the
> configuration files.
>
>   
>> Wed Nov 12 21:29:16 2008 : Error: rlm_counter: Failed to open file
>> /etc/raddb/db.daily: Permission denied
>>     
> ...
>   
>> /etc/raddb
>> -rw-------  1 radiusd radiusd 12312 Nov 12 21:29 db.daily
>>     
>
>   The server isn't running as user "radiusd/radiusd".  Fix that.
>
>   
>> This works:
>> # /usr/sbin/radiusd -X
>>     
>
>   Because you're running it as root.
>
>   
>> This works:
>> # strace /usr/sbin/radiusd
>>     
>
>   Because you're running it as root.
>
>   
>> This does not work:
>> # service radiusd start
>> Starting RADIUS server:                                    [FAILED]
>>     
>
>   Because it changes UID's, and does not run as root.
>
>   Alan DeKok.
>
>   


More information about the Freeradius-Users mailing list
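
Added example, not part of the original messages or of FreeRADIUS: a Python check that walks every component of a path such as /etc/raddb/db.daily and evaluates the classic owner/group/other mode bits for a given uid, because the account the server drops to needs search permission on each directory as well as read/write on the file itself. The function names and the temporary sample tree are constructed for illustration; ACLs and mandatory access control policy are not evaluated.

```python
import os
import stat
import tempfile

def dac_check(path, uid, gids, file_need=stat.S_IROTH | stat.S_IWOTH):
    """Return (component, ok, detail) for every component of path.

    Directories need search (x); the final component needs file_need
    (read+write by default, what a counter database needs). Only classic
    owner/group/other mode bits are evaluated; ACLs and MAC policy are not.
    """
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    rows, current = [], os.sep
    for i, part in enumerate([""] + parts):
        current = os.path.join(current, part)
        try:
            st = os.stat(current)  # follows symlinks
        except OSError as exc:
            rows.append((current, False, f"stat failed: {exc.strerror}"))
            break
        need = file_need if i == len(parts) else stat.S_IXOTH
        if uid == st.st_uid:
            who, granted = "owner", (st.st_mode >> 6) & 7
        elif st.st_gid in gids:
            who, granted = "group", (st.st_mode >> 3) & 7
        else:
            who, granted = "other", st.st_mode & 7
        ok = uid == 0 or (granted & need) == need  # root bypasses mode bits
        rows.append((current, ok, f"{stat.filemode(st.st_mode)} "
                     f"uid={st.st_uid} gid={st.st_gid} checked as {who}"))
    return rows

def build_sample(root):
    """Constructed stand-in for /etc/raddb/db.daily: dir 0750, file 0600."""
    raddb = os.path.join(root, "raddb")
    os.mkdir(raddb)
    os.chmod(raddb, 0o750)
    db = os.path.join(raddb, "db.daily")
    with open(db, "wb"):
        pass
    os.chmod(db, 0o600)
    return db

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = build_sample(tmp)
        owner = os.stat(db).st_uid
        for label, uid in (("file owner", owner), ("another uid", owner + 12345)):
            print(f"--- as {label}")
            for comp, ok, detail in dac_check(db, uid, set()):
                print("ok  " if ok else "DENY", comp, detail)
```

On a real host, pass the uid from `pwd.getpwnam()` and the group set from `os.getgrouplist()` for the account named in radiusd.conf, and run the check as root so every component can be stat'ed.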