Unable to start freerad with sudo
Matthew Newton
mcn at freeradius.org
Thu Jul 20 09:51:04 UTC 2023
On 20/07/2023 09:07, Stanislav Lorenc wrote:
> i need to manage freeradius via web app. The web service must be able to
> handle the radius.
Running FreeRADIUS as the www-data user is really not a good idea.
Permitting www-data to even restart FreeRADIUS is likely unwise, but you
definitely don't need to run FreeRADIUS as the www-data user to do that.
The simplest way is to set up a script that sudo can run as www-data to
restart the radiusd service.
But really the question is why you would want to do that.
If you need the web application to manage FreeRADIUS, have it write into
a database, and get FreeRADIUS to query the data from there. Neither
need to interact with each other in any other way.
Don't run FreeRADIUS as www-data. It won't help, and will open up all
sorts of possible security issues.
--
Matthew
More information about the Freeradius-Users
mailing list