Error: Exec-Program: Permission Denied when running via service start
Christopher Athans
cathans at gmail.com
Tue Mar 29 21:20:59 CEST 2011
*sigh* it was indeed SELinux. I thought it had it disabled. Still
not exactly sure why when I wrapped the init.d statement with a 'sh'
it works, but nevertheless you solved my issue. Thanks John.
On Tue, Mar 29, 2011 at 2:16 PM, John Dennis <jdennis at redhat.com> wrote:
> On 03/29/2011 03:09 PM, Christopher Athans wrote:
>>
>> Greetings all, I've been racking my brains out trying to solve/debug
>> the following issue, hopefully someone can provide a new perspective.
>>
>> I've implemented mOTP as en external authentication program by
>> defining it in radiusd.conf with a Program = "/etc/raddb/otpverify.sh"
>> statement.
>> As I said, it does indeed work properly, except, when I start the
>> radiusd server up as a daemon via init.d
>>
>> radiusd -X - Works properly
>> service radiusd start or /etc/init.d/radiusd start FAILS
>> sh /etc/init.d/radiusd start Works
>>
>> When it works properly, I get proper Accept Replys. When it 'fails',
>> its due to not being able to execute the script and this is logged in
>> radius.log
>> Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
>> Permission denied
>>
>> In all the above scenarios, I was root when executing the statements.
>> I am *not* in a chroot jail, all the necessary directories are
>> read/write by user 'radiusd' which is what the process is running as.
>> I'm also using the init.d script that came with the CentOS package.
>>
>> My linux platform and freeradius information is as follows:
>>
>> CentOS 5.5 - 2.6.18-194.32.1.el5 #1 SMP x86_64 GNU/Linux
>> running FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu.
>>
>>
>> Thanks for any assistance with this.
>
> Is SELinux enabled?
>
> % getenforce
>
> If it's enforcing then set it to permissive mode
>
> % setenforce 0
>
> Now does it work? If so what were your recent AVC's in
> /var/log/audit/audit.log?
>
> Not the problem? Then verify the script can run as the radiusd user.
>
>
>
> --
> John Dennis <jdennis at redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
More information about the Freeradius-Users
mailing list