Permission Denied buffered Sql

Arnab Roy arnabroy at mail.com
Tue Jan 10 20:22:34 CET 2017


   Hi Alan,
   Thank you for pushing me in the right direction, much appreciated. Seems
   OK now; one colleague had changed the file permissions in the detail
   module :( ..

   As a secondary question, it seems it's not capable of logging post-auth
   detail logs such as a reject? Is it not supported? We have a need to
   log all access requests, including rejects, into the DB; just scared
   that it will tank FR when put into production, as MySQL will struggle to
   keep up with it, so didn't want to call sql directly.

   Any suggestions are welcome.

   Many Thanks
   Arnab



   Sent: Tuesday, January 10, 2017 at 7:02 PM
   From: "Alan DeKok" <aland at deployingradius.com>
   To: "FreeRadius users mailing list"
   <freeradius-users at lists.freeradius.org>
   Subject: Re: Permission Denied buffered Sql
   On Jan 10, 2017, at 1:05 PM, Arnab Roy <arnabroy at mail.com> wrote:
   >
   > I just enabled buffered sql on my server. Everything seems to be
   > working, but I am getting flooded with messages such as these and I
   > don't think accounting events are being picked up.
   >
   > FR 3.0.11
   >
   > Failed opening detail file /var/log/radius/radacct/detail.work:
   > Permission denied
   Blame the OS. You've set up the server so that it can't read the files
   it's writing.
   What UID is the server running under?
   > detail (/var/log/radius/radacct/detail*): Detail listener state
   > unopened waiting 0.790671 sec
   >
   > I have tried all sorts of permissions on the /var/log/radius folder;
   > it seems like as soon as the detail file is created by FR the errors
   > start appearing
   Setting random permissions doesn't help. You need to know what UID is
   being used, and also what the permissions are on the directory.
   > The permissions are as follows:
   >
   > [root at radius radius]# ls -l /var/log/radius/radacct
   > total 8
   > --wxr----t 1 radiusd radiusd 1605 Jan 10 17:59 detail-20170110
   > --wxr----t 1 radiusd radiusd 1710 Jan 10 17:56 detail.work
   That's... weird. It has permission to write the file, but not to read
   it? And why is the sticky bit set?

   You've done something to your system to break the permissions. Maybe
   you've set "umask" to a bizarre value. And perhaps broken the
   permissions on /var/log/radius and /var/log/radius/radacct

   When the server is installed / run for the first time, it creates the
   "radacct" directory, with the correct permissions. There should be no
   need to change the permissions to "fix" them.

   You'll need to find out what UID the server is running as, and then set
   the correct permissions on *all* of the directories. "chmod o+rwx" on
   the directories should do it.

   Alan DeKok.
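
An added example, not part of the original posts: it decodes the mode column of the `ls -l` listing quoted above and applies the POSIX rule that exactly one permission class is consulted, so an owner without the read bit is denied even when the group has it. That the server runs as `radiusd` is an assumption, and the function names are hypothetical.

```python
import stat

# Bit for each of the nine permission columns of an `ls -l` mode string.
PERM_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# setuid, setgid and sticky are displayed in the three execute columns.
SPECIAL = {2: (stat.S_ISUID, "s", "S"), 5: (stat.S_ISGID, "s", "S"),
           8: (stat.S_ISVTX, "t", "T")}

def parse_ls_mode(field):
    """Turn the mode column of `ls -l` (e.g. '--wxr----t') into numeric bits."""
    perms = field[1:10]          # skip the file-type character
    if len(perms) != 9:
        raise ValueError(f"not an ls mode string: {field!r}")
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "-":
            continue
        if i in SPECIAL and ch in SPECIAL[i][1:]:
            bit, lower, _upper = SPECIAL[i]
            mode |= bit
            if ch == lower:      # lower case means execute is set as well
                mode |= PERM_BITS[i]
        elif ch == "rwx"[i % 3]:
            mode |= PERM_BITS[i]
        else:
            raise ValueError(f"unexpected {ch!r} in {field!r}")
    return mode

def audit_detail_file(ls_line, user, groups):
    """Report why `user` could fail to read or write the listed file."""
    fields = ls_line.split()
    mode, owner, group = parse_ls_mode(fields[0]), fields[2], fields[3]
    # POSIX consults exactly one class: owner, else group, else other.
    cls = "owner" if user == owner else "group" if group in groups else "other"
    rwx = (mode >> {"owner": 6, "group": 3, "other": 0}[cls]) & 0o7
    findings = [f"{cls} class has no {name} bit"
                for bit, name in ((4, "read"), (2, "write")) if not rwx & bit]
    if mode & stat.S_ISVTX and fields[0][0] == "-":
        findings.append("sticky bit set on a regular file")
    return oct(mode), findings

# Listing line taken from the thread; running as "radiusd" is an assumption.
LINE = "--wxr----t 1 radiusd radiusd 1710 Jan 10 17:56 detail.work"
print(audit_detail_file(LINE, "radiusd", {"radiusd"}))
```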