Error: Exec-Program: Permission Denied when running via service start

John Dennis jdennis at redhat.com
Tue Mar 29 21:16:56 CEST 2011


On 03/29/2011 03:09 PM, Christopher Athans wrote:
> Greetings all, I've been racking my brains out trying to solve/debug
> the following issue, hopefully someone can provide a new perspective.
>
> I've implemented mOTP as en external authentication program by
> defining it in radiusd.conf with a Program = "/etc/raddb/otpverify.sh"
> statement.
> As I said, it does indeed work properly, except, when I start the
> radiusd server up as a daemon via init.d
>
> radiusd -X   - Works properly
> service radiusd start or /etc/init.d/radiusd start FAILS
> sh /etc/init.d/radiusd start Works
>
> When it works properly, I get proper Accept Replys.  When it 'fails',
> its due to not being able to execute the script and this is logged in
> radius.log
> Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
> Permission denied
>
> In all the above scenarios, I was root when executing the statements.
> I am *not* in a chroot jail, all the necessary directories are
> read/write by user 'radiusd' which is what the process is running as.
> I'm also using the init.d script that came with the CentOS package.
>
> My linux platform and freeradius information is as follows:
>
> CentOS 5.5 -  2.6.18-194.32.1.el5 #1 SMP  x86_64 GNU/Linux
> running  FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu.
>
>
> Thanks for any assistance with this.

Is SELinux enabled?

% getenforce

If it's enforcing then set it to permissive mode

% setenforce 0

Now does it work? If so what were your recent AVC's in 
/var/log/audit/audit.log?

Not the problem? Then verify the script can run as the radiusd user.



-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list