Unable to start freerad with sudo

Anatoliy cphlpd at gmail.com
Thu Jul 20 08:25:19 UTC 2023


Hi, how are the user and group options configured in radiusd.conf?

On Thu, Jul 20, 2023 at 2:17 PM Stanislav Lorenc <
stanislav.lorenc at cernovice.net> wrote:

> Hi Hermann,
>
> I added bash for www-data with the same result
> strace output for: strace /usr/sbin/freeradius -f
>
> newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644,
> st_size=494, ...}, 0) = 0
> newfstatat(AT_FDCWD, "/etc/nsswitch.conf", {st_mode=S_IFREG|0644,
> st_size=494, ...}, 0) = 0
> openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
> newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=726, ...},
> AT_EMPTY_PATH) = 0
> lseek(3, 0, SEEK_SET)                   = 0
> read(3, "root:x:0:\ndaemon:x:1:\nbin:x:2:\ns"..., 4096) = 726
> read(3, "", 4096)                       = 0
> close(3)                                = 0
> *setgroups(4, [111, 33, 42, 108])        = -1 EPERM (Operation not
> permitted)*
> futex(0x7f5c918ebd20, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> write(2, "radiusd: ERROR - Cannot initiali"..., 102radiusd: ERROR -
> Cannot initialize supplementary group list for user freerad: Operation
> not permitted
> ) = 102
> capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
> capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0,
> permitted=0, inheritable=0}) = 0
> futex(0x7f5c9187d5d8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> exit_group(1)                           = ?
> +++ exited with 1 +++
>
> Thanks
>
>
> > Hi Stanislav,
> >
> > On Thu, Jul 20, 2023 at 07:57:55AM +0200, Stanislav Lorenc wrote:
> >> sudo -u www-data /usr/sbin/freeradius -f
> >> radiusd: ERROR - Cannot initialize supplementary group list for user
> >> freerad: Operation not permitted
> >>
> >> sudo -u www-data /usr/sbin/service freeradius start
> >> Failed to start freeradius.service: Access denied
> >> See system logs and 'systemctl status freeradius.service' for details.
> > What are the details saying?
> >
> > You could try "su www-data" or "su www-data -" and then start the freeradius
> > server to see which of the two steps fail.
> >
> > BTW: Using www-data as freeradius user looks very strange to me.
> >
> > Greetings
> >    Hermann
> >
>
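
The strace excerpt in this thread can be triaged mechanically. The following is an added example, not part of the original messages or of FreeRADIUS: it scans strace output for failed credential-change syscalls and pairs them with the effective capability set reported by capget. The function names and the sample (the thread's trace lines with mail wrapping undone) are constructed for illustration.

```python
import re

# Syscalls a daemon uses to switch to its configured user and group.
CRED_SYSCALLS = ("setgroups", "setgid", "setuid", "setregid", "setreuid",
                 "setresgid", "setresuid")
CALL_RE = re.compile(r"^(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)"
                     r"(?:\s+(?P<errno>E[A-Z]+))?")
CAPS_RE = re.compile(r"effective=(?P<eff>[^,}]+)")

# Constructed sample: lines from the trace quoted above, with mail wrapping undone.
SAMPLE = """\
openat(AT_FDCWD, "/etc/group", O_RDONLY|O_CLOEXEC) = 3
close(3)                                = 0
setgroups(4, [111, 33, 42, 108])        = -1 EPERM (Operation not permitted)
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, NULL) = 0
capget({version=_LINUX_CAPABILITY_VERSION_3, pid=0}, {effective=0, permitted=0, inheritable=0}) = 0
exit_group(1)                           = ?
"""


def triage(trace_text):
    """Return (failed credential-change calls, effective capability set).
    The capability set is None when the trace has no capget result."""
    failures, effective = [], None
    for line in trace_text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue  # unfinished calls, signals, "+++ exited" lines
        if m["name"] in CRED_SYSCALLS and m["ret"] == "-1":
            failures.append((m["name"], m["args"], m["errno"]))
        elif m["name"] == "capget":
            caps = CAPS_RE.search(m["args"])
            if caps:
                effective = caps["eff"].strip()
    return failures, effective


def explain(failures, effective):
    """One finding per failed call; EPERM with an empty capability set
    means the process lacked CAP_SETGID/CAP_SETUID."""
    findings = []
    for name, args, errno in failures:
        msg = f"{name}({args}) failed with {errno}"
        if errno == "EPERM" and effective == "0":
            msg += "; effective capabilities were 0, so no CAP_SETGID/CAP_SETUID"
        findings.append(msg)
    return findings


if __name__ == "__main__":
    print("\n".join(explain(*triage(SAMPLE))))
```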

