Many warnings about log file permissions

Arnaud LAURIOU arnaud.lauriou at renater.fr
Wed Aug 11 15:53:41 CEST 2021



On 8/11/21 3:32 PM, Alan DeKok wrote:
> On Aug 11, 2021, at 9:20 AM, Arnaud LAURIOU <arnaud.lauriou at renater.fr> wrote:
>> |Hi, We have many repeating log lines that complain about the permissions of the log file itself : Warning: File /var/log/freeradius/radius.log permissions are 0640 (rw-r-----) not 0600 (rw-------)) In our case this file needs to be readable by the group for statistics and other purposes. Is there any way to reduce this verbosity ? Regards, Arnaud |
>    The server doesn't complain about the permissions on the main "radius.log" file.
>
>    I suspect what you've done is to add a "linelog" module which *also* logs to the main radius.log file.  Please don't do that.  The main "radius.log" file is for the server core, and the code assumes that the server core has 100% ownership over that file.
You're right, we use linelog modules which log to the main radius.log file.
>
>    Having a module also log to the file may cause issues, such as lost messages, incorrect file locks, etc.
And yes we have sometimes in this file truncated logs, multiples logs on 
one line, etc.
>
>    Change the "linelog" configuration to log to a different file.  At that point, you can edit the "permissions" configuration of the linelog module to use "0640".  And the messages will go away.
Ok, we will do that.
Thank's for your quick response.
Arnaud


More information about the Freeradius-Users mailing list