radius.log permissions issue
Philip Molter
hrunting at hrunting.org
Sat Jul 18 01:05:14 CEST 2009
Alan DeKok wrote:
> Philip Molter wrote:
>> Attached is a patch that fixes the issue. Given the way that freeradius
>> checks for the ability to write to the logfile, it should perform like
>> the latter (in my testing, it does exactly that).
>>
>> The patch does a couple of things:
>>
>> 1) properly handles setuid changes in early configuration times
>
> OK.
>
>> 2) enables fr_suid_down/up/down_permanently noop calls so that compile
>> works when HAVE_SETUID is not defined
>
> That's needed, yes.
>
> I've committed a fix based on this that:
>
> a) does suid down earlier
> b) lets it build when HAVE_SETUID is not defined
> c) calls chown() on the log file to ensure it has the correct owner
Thanks Alan. I'll point out the HAVE_SETUID ifdef used within the
switch_users() function is redundant. The entire function is wrapped in
HAVE_SETUID.
Philip
More information about the Freeradius-Users
mailing list