Many warnings about log file permissions
aland at deployingradius.com
Wed Aug 11 15:32:15 CEST 2021
On Aug 11, 2021, at 9:20 AM, Arnaud LAURIOU <arnaud.lauriou at renater.fr> wrote:
> |Hi, We have many repeating log lines that complain about the permissions of the log file itself : Warning: File /var/log/freeradius/radius.log permissions are 0640 (rw-r-----) not 0600 (rw-------)) In our case this file needs to be readable by the group for statistics and other purposes. Is there any way to reduce this verbosity ? Regards, Arnaud |
The server doesn't complain about the permissions on the main "radius.log" file.
I suspect what you've done is to add a "linelog" module which *also* logs to the main radius.log file. Please don't do that. The main "radius.log" file is for the server core, and the code assumes that the server core has 100% ownership over that file.
Having a module also log to the file may cause issues, such as lost messages, incorrect file locks, etc.
Change the "linelog" configuration to log to a different file. At that point, you can edit the "permissions" configuration of the linelog module to use "0640". And the messages will go away.
All of this is configurable.
More information about the Freeradius-Users