Pre release of 2.1.12
Bjørn Mork
bjorn at mork.no
Mon Sep 5 20:30:44 CEST 2011
Alan DeKok <aland at deployingradius.com> writes:
> Alan Buxey wrote:
>> hmm, command.c and auth.c appears to have been updated but
>> still see no joy with 'radmin' as munin user (who is in radiusd group)
>>
>> Mon Sep 5 15:55:04 2011 : Error: Unauthorized connection to /var/run/radiusd/radiusd.sock from gid 101
>
> My guess is that the "get peer id" function is returning only *one*
> group. Munin is first part of the "munin" group, but secondly part of
> the "radmin" group. So... the socket asks "which group is connecting",
> and gets told "munin".
I assume that's because the function uses the sockopt
"
   SO_PEERCRED
          Return the credentials of the foreign process connected to
          this socket. This is only possible for connected AF_UNIX
          stream sockets and AF_UNIX stream and datagram socket
          pairs created using socketpair(2); see unix(7). The
          returned credentials are those that were in effect at the
          time of the call to connect(2) or socketpair(2). Argument
          is a ucred structure. This socket option is
          read-only.
"
So how about just running 'sg radiusd radmin'? Would that work? And be
an acceptable workaround?
Bjørn