Configure radius to run script under different user
Hi,
Thanks for help on previous post. My startup script for Radius now works so it starts at boot time. The script is in /etc/init.d and looks like this:

    #!/bin/sh
    /usr/local/sbin/radiusd -d /usr/local/var/log/radius/radacct/ -d /usr/local/etc/raddb/

After rebooting, radius starts up automatically, which is what I want.

However, for security I don’t want this to run under root, but I want it to run under a user and group called ‘support’.

I have edited the radius.conf file and added

    #  for some finer-grained access controls.
    #
    user = support
    group = support

    #  max_request_time: The maximum time (in seconds) to handle a request.

So this is to get radius to run under support.

If I run radiusd -X from command line as user support, radius starts up fine.

However if I run the startup script as user support from /etc/init.d by entering #./start-my-radius.sh it comes up with error

    upport@OXC-RPROXY-02:/etc/init.d$ ./start-my-radius.sh
    radiusd: Cannot initialize supplementary group list for user support: Operation not permitted

I guess it's something to do with permissions but I can’t figure out what I need to change? I just want this to work under user support. If I’m logged in as root and run #./start-my-radius.sh it works fine and starts up radius. However I have to amend radius.conf to get this to work via root login so it looks like this

    #user = support
    #group = support

So what have I missed?
The radius files look like this

    support@OXC-RPROXY-02:/usr/local/sbin$ ls -l
    total 780
    -rwxr-xr-x 1 support support  36403 Oct 12 13:57 checkrad
    -rwxr-xr-x 1 support support 619724 Oct 12 13:57 radiusd
    -rwxr-xr-x 1 support support 115567 Oct 12 13:57 radmin
    -rwxr-xr-x 1 support support   1285 Oct 12 13:57 radwatch
    -rwxr-xr-x 1 support support   2471 Oct 12 14:22 rc.radiusd
    -rwxr-xr-x 1 support support   2506 Oct 12 14:22 rc.radiusdbkp
    support@OXC-RPROXY-02:/usr/local/sbin$

This is what it looks like when the script starts via root

    support@OXC-RPROXY-02:/etc/init.d$ ps aux | grep radiusd
    root     30712  0.0  0.2  47080  2744 ?        Ssl  15:55   0:00 /usr/local/sbin/radiusd -d /usr/local/var/log/radius/radacct/ -d /usr/local/etc/raddb/
    support  32505  0.0  0.0   2184   736 pts/0    S+   15:57   0:00 grep radiusd

    OXC-RPROXY-02:/etc/init.d# cd /usr/local/sbin
    OXC-RPROXY-02:/usr/local/sbin# ls -l
    total 780
    -rwxr-xr-x 1 support support  36403 Oct 12 13:57 checkrad
    -rwxr-xr-x 1 support support 619724 Oct 12 13:57 radiusd
    -rwxr-xr-x 1 support support 115567 Oct 12 13:57 radmin
    -rwxr-xr-x 1 support support   1285 Oct 12 13:57 radwatch
    -rwxr-xr-x 1 support support   2471 Oct 12 14:22 rc.radiusd
    -rwxr-xr-x 1 support support   2506 Oct 12 14:22 rc.radiusdbkp

Please help!
Configure radius to run script under different user
On Tue, 12 Oct 2010 17:00:36 +0100, Jennie Kingsland wrote:
Please, don't cross-post.

(...)

> If I run radiusd -X from command line as user support, radius starts up
> fine.
>
> However if I run the startup script as user support from /etc/init.d by
> entering #./start-my-radius.sh it comes up with error
>
> upport@OXC-RPROXY-02:/etc/init.d$ ./start-my-radius.sh
>
> radiusd: Cannot initialize supplementary group list for user support:
> Operation not permitted

Know nothing about radius, but "radiusd.conf¹" seems to say that radius server has to be started by root user if you change the default user/group, although after that, it drops its perms and uses the user-defined ones.

¹ http://wiki.freeradius.org/Radiusd.conf

Greetings,

--
Camaleón
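The start-as-root-then-drop behaviour described in the reply follows the usual Unix privilege-drop sequence, sketched here as an added example that is not part of the thread and is not FreeRADIUS source code. `drop_privileges` is a hypothetical helper; when the process is not started as root, its `initgroups()` step fails with EPERM, which is the "Operation not permitted" in the error quoted above.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not FreeRADIUS code): switch the process to `user`.
 * Returns 0 on success, the errno of the first failing step, or -1 if the
 * drop could be undone afterwards. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return ENOENT;                 /* no such account */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* Order matters: supplementary groups and gid need root, so they
     * must be changed before the uid is given up. */
    if (initgroups(user, gid) != 0)
        return errno;                  /* EPERM when not started as root */
    if (setgid(gid) != 0)
        return errno;
    if (setuid(uid) != 0)
        return errno;

    /* A correct drop is irreversible: regaining uid 0 must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* "support" is the account name used in the thread. */
    const char *user = argc > 1 ? argv[1] : "support";
    int rc = drop_privileges(user);
    if (rc != 0) {
        fprintf(stderr, "cannot drop to %s: %s\n", user,
                rc > 0 ? strerror(rc) : "privileges could be regained");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```
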