radius.log permissions issue

Philip Molter hrunting at hrunting.org
Thu Jul 16 18:32:05 CEST 2009


John Dennis wrote:
> There are various strategies to assure the newly created log file has 
> the right ownership:
> 
> * drop privileges prior to calling fopen()
> * call chown() after fclose() at the exit of the logging call.
> * pre-create the file if necessary very early during start up.
> 
> I think the latter is preferable as it avoid the expense of setting or 
> checking for the right ownership for every log message emitted (ouch).

Attached is a patch that fixes the issue.  Given the way that freeradius 
checks for the ability to write to the logfile, it should perform like 
the latter (in my testing, it does exactly that).

The patch does a couple of things:

1) properly handles setuid changes in early configuration times
2) enables fr_suid_down/up/down_permanently noop calls so that compile 
works when HAVE_SETUID is not defined

Philip
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradius-suid.patch
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090716/e339f0dc/attachment.ksh>


More information about the Freeradius-Users mailing list