Unable to start freerad with sudo

Stanislav Lorenc stanislav.lorenc at cernovice.net
Thu Jul 20 08:17:38 UTC 2023


Hi Hermann,

I added bash for www-data, with the same result.
strace output for: strace /usr/sbin/freeradius -f

newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=494, ...}, 0) = 0
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644, st_size=494, ...}, 0) = 0
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=726, ...}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET)                   = 0
read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 726
read(3, "", 4096)                       = 0
close(3)                                = 0
*setgroups(4, [111, 33, 42, 108])        = -1 EPERM (Operation not permitted)*
futex(0x7f5c918ebd20, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(2, "radiusd: ERROR - Cannot initiali"..., 102radiusd: ERROR - Cannot initialize supplementary group list for user freerad: Operation not permitted
) = 102
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
futex(0x7f5c9187d5d8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Thanks


> Hi Stanislav,
>
> On Thu, Jul 20, 2023 at 07:57:55AM +0200, Stanislav Lorenc wrote:
>> sudo -u www-data /usr/sbin/freeradius -f
>> radiusd: ERROR - Cannot initialize supplementary group list for user
>> freerad: Operation not permitted
>>
>> sudo -u www-data /usr/sbin/service freeradius start
>> Failed to start freeradius.service: Access denied
>> See system logs and 'systemctl status freeradius.service' for details.
> What are the details saying?
>
> You could try "su www-data" or "su www-data -" and then start the freeradius
> server to see which of the two steps fails.
>
> BTW: Using www-data as freeradius user looks very strange to me.
>
> Greetings
>    Hermann
>
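
Added example, not part of the original message and not FreeRADIUS code: the strace above shows setgroups() returning EPERM and capget() reporting effective=0. On Linux, setgroups() requires CAP_SETGID, which a process started as an unprivileged user such as www-data does not hold. The C check below reads the CapEff mask from /proc/self/status; the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETGID_BIT 6 /* value of CAP_SETGID in <linux/capability.h> */

/* Parse /proc/<pid>/status text. Returns 1 if the effective capability
 * mask (CapEff) includes CAP_SETGID, 0 if not, -1 if no CapEff line. */
int status_has_cap_setgid(const char *status_text)
{
    const char *p = status_text;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            /* strtoull skips the tab that follows the field name */
            unsigned long long mask = strtoull(p + 7, NULL, 16);
            return (int)((mask >> CAP_SETGID_BIT) & 1ULL);
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Same check for the calling process. */
int self_has_cap_setgid(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return status_has_cap_setgid(buf);
}

int main(void)
{
    int r = self_has_cap_setgid();
    if (r == 1)
        puts("CAP_SETGID is effective: setgroups() is not blocked by a missing capability");
    else if (r == 0)
        puts("CAP_SETGID is missing: setgroups() will fail with EPERM");
    else
        puts("could not read CapEff from /proc/self/status");
    return r == 1 ? 0 : 1;
}
```

Run under the same account that starts the daemon, a result of 0 corresponds to the effective=0 line in the trace.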

