radius.log permissions issue

Philip Molter hrunting at hrunting.org
Sat Jul 18 01:05:14 CEST 2009


Alan DeKok wrote:
> Philip Molter wrote:
>> Attached is a patch that fixes the issue.  Given the way that freeradius
>> checks for the ability to write to the logfile, it should perform like
>> the latter (in my testing, it does exactly that).
>>
>> The patch does a couple of things:
>>
>> 1) properly handles setuid changes in early configuration times
> 
>   OK.
> 
>> 2) enables fr_suid_down/up/down_permanently noop calls so that compile
>> works when HAVE_SETUID is not defined
> 
>   That's needed, yes.
> 
>   I've committed a fix based on this that:
> 
> a) does suid down earlier
> b) lets it build when HAVE_SETUID is not defined
> c) calls chown() on the log file to ensure it has the correct owner

Thanks Alan.  I'll point out the HAVE_SETUID ifdef used within the 
switch_users() function is redundant.  The entire function is wrapped in 
HAVE_SETUID.

Philip



More information about the Freeradius-Users mailing list