Quantcast
FreeRADIUS Users

ownership change

classic Classic list List threaded Threaded
3 messages Options
now
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

ownership change

now
Upgrading from 2.1.1 to 2.1.3 on a Suse10.2 system and restarting radiusd with the identical configuration showed the following message:

We do not own /var/run/radiusd/radiusd.sock.

ls -l /var/run/radiusd/radiusd.sock
srw-rw---- 1 radiusd radiusd 0 12. Dez 16:18 /var/run/radiusd/radiusd.sock

That fits to the entries

user = radiusd
group = radiusd

in radiusd.conf.

Removing radiusd.sock and restarting radiusd solved the problem.

2.1.3 obviously changed the ownership:
ls -l /var/run/radiusd/radiusd.sock
srw-rw---- 1 root radiusd 0 12. Dez 16:20 /var/run/radiusd/radiusd.sock

Shouldn't the ownership still  be radiusd.radiusd ?

Norbert Wegener



-- 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Norbert Wegener

Siemens IT Solutions and Services GmbH & Co. OHG
SIS GO GIO NW PSU2
Kruppstraße 16 
D-45128 Essen 

Phone     : +49 (0) 201 816-3116
Fax.      : +49 (0) 201 816-5581284
[hidden email]

Siemens IT Solutions and ServicesGmbH & Co. OHG
Offene Handelsgesellschaft, Sitz der Gesellschaft: München; Registergericht: München, HRA 69235;
Geschäftsführende Gesellschafterin: Siemens Business Services Beteiligungs-GmbH,  
Geschäftsführer: Christoph Kollatz, Vorsitzender; Jürgen Frischmuth, Michael Schulz-Drost;

Sitz der Gesellschaft: München; Registergericht: München, HRB 50462; 
Weitere Gesellschafter: Siemens Business Services Investment GmbH & Co.  KG,
Sitz der Gesellschaft: München; Registergericht: München, HRA 86893; 
Persönlich haftende Gesellschafterin der Siemens Business Services Investment GmbH & Co. KG: 

Siemens Business Services Beteiligungs-GmbH, Geschäftsführer: Christoph Kollatz, Vorsitzender; Jürgen Frischmuth, Michael Schulz-Drost; Sitz der Gesellschaft: München; Registergericht: München, HRB 50462 WEEE-Reg.Nr. DE 88294312



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: ownership change

Alan DeKok-2
Norbert Wegener wrote:
> Upgrading from 2.1.1 to 2.1.3 on a Suse10.2 system and restarting
> radiusd with the identical configuration showed the following message:
>
> We do not own /var/run/radiusd/radiusd.sock.

  Ah... a side effect of fixing the "run as unprivileged user", I think.

> Removing radiusd.sock and restarting radiusd solved the problem.
>
> 2.1.3 obviously changed the ownership:
> ls -l /var/run/radiusd/radiusd.sock
> srw-rw---- 1 root radiusd 0 12. Dez 16:20 /var/run/radiusd/radiusd.sock
>
> Shouldn't the ownership still  be radiusd.radiusd ?

  Yes.

  The issue is that the server was change to:

 - setuid to radiusd/radiusd
 - BUT remember "root"
 - start booting
 - switch back to root
 - open sockets (including ports < 1024) as root
 - when done opening sockets, switch back to radiusd/radiusd

  The issue is that the file "radiusd.sock" is now opened as root, and
therefore some of the previous logic to check ownerships is wrong.

  I'll commit a fix to the "stable" tree tomorrow.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok-2
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: ownership change

Alan DeKok-2
In reply to this post by now
Norbert Wegener wrote:
> Upgrading from 2.1.1 to 2.1.3 on a Suse10.2 system and restarting
> radiusd with the identical configuration showed the following message:
>
> We do not own /var/run/radiusd/radiusd.sock.

  OK.  I've committed a patch to the "stable" branch that fixes this.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...
Powered by Nabble Edit this page