Permission Denied buffered Sql
arnabroy at mail.com
Tue Jan 10 20:22:34 CET 2017
Thank you for pushing me in the right direction much appreciated. Seems
ok now one colleagues had changed the file permissions in the detail
module :( ..
As a secondary question it seems its not capable of logging post-auth
detail log such as a reject ? Is is not supported ? We have a need to
log all access requests including rejects into the db , just scared
that it will tank FR when put into production as Mysql will struggle to
keep up with it so didnt directly want to call sql.
Any suggestions are welcome.
Sent: Tuesday, January 10, 2017 at 7:02 PM
From: "Alan DeKok" <aland at deployingradius.com>
To: "FreeRadius users mailing list"
<freeradius-users at lists.freeradius.org>
Subject: Re: Permission Denied buffered Sql
On Jan 10, 2017, at 1:05 PM, Arnab Roy <arnabroy at mail.com> wrote:
> I just enabled buffered sql on my server everything seems to be
> but I am getting flooded with messages as such and I dont think
> accounting events are being picked up.
> FR 3.0.11
> Failed opening detail file /var/log/radius/radacct/detail.work:
> Permission denied
Blame the OS. You've set up the server so that it can't read the files
What UID is the server running under?
> detail (/var/log/radius/radacct/detail*): Detail listener state
> unopened waiting 0.790671 sec
> I have tried all sorts of permissions on the /var/log/radius folder ,
> it seems like as soon as the detail file is created by FR the errors
> starts appearing
Setting random permissions doesn't help. You need to know what UID is
being used, and also what the permissions are on the directory.
> The permissions are as follows:
> [root at radius radius]# ls -l /var/log/radius/radacct
> total 8
> --wxr----t 1 radiusd radiusd 1605 Jan 10 17:59 detail-20170110
> --wxr----t 1 radiusd radiusd 1710 Jan 10 17:56 detail.work
That's... weird. It has permission to write the file, but not to read
it? And why is the sticky bit set?
You've done something to your system to break the permissions. Maybe
you've set "umask" to a bizarre value. And perhaps broken the
permissions on /var/log/radius and /var/log/radius/radacct
When the server is installed / run for the first time, it creates the
"radacct" directory, with the correct permissions. There should be no
need to change the permissions to "fix" them.
You'll need to find out what UID the server is running as, and then set
the correct permissions on *all* of the directories. "chmod o+rwx" on
the directories should do it.
List info/subscribe/unsubscribe? See
More information about the Freeradius-Users