Can't start Freeradius with non-root user
Alan DeKok
aland at deployingradius.com
Wed Jun 29 20:52:38 CEST 2016
On Jun 29, 2016, at 1:33 PM, Jeanderson Soares <ssjeanderson at gmail.com> wrote:
> I'm having a problem when running freeradius with a non-root user/group.
> The service can't start because of permissions on log and pid files.
> When started in debug mode, the service starts and works fine, but fails in
> production:
>
> # radiusd
> radiusd: Failed to open log file /usr/local/var/log/radius/radius.log:
> Permission denied
The default installation of the server creates the correct permissions. SO that should work.
> Changed the folder owner, but still got same error
> # chown -R radius:radius /usr/local/var/log/radius/
And what does "radiusd.conf" have for "user" and "group"? Is it "radius", or something else?
> Cheking de log file, happens the same with the pid file:
> Error: Failed creating PID file /usr/local/var/run/radiusd/radiusd.pid:
> Permission denied
Again, the default installation works.
> Again, changed the folder owner, but still got same error
> # chown -R radius:radius /usr/local/var/run/radiusd/
>
> Running with commented user and group options, the service works fine.
>
> I'm on Debian 8.0.3 and Freeradius 3.0.11
>
> Freeradius was compiled with default options.
>
> The user was created with:
> useradd -r -d /usr/local/etc/raddb/ -s /bin/false radius
If you're on Debian, either:
a) use the default install. it works
or
b) create a debian package, and install that. It also works.
It looks like you edited radiusd.conf to have a different user than normal, but didn't set the permissions correctly. Don't do that.
Alan DeKok.
More information about the Freeradius-Users
mailing list