10-12-2010, 04:00 PM
"Jennie Kingsland"

Configure radius to run script under different user

Hi,

Thanks for help on previous post. My startup script for Radius now works so it
starts at boot time, the script is in /etc/init.d and looks like this

#!/bin/sh
/usr/local/sbin/radiusd -d /usr/local/var/log/radius/radacct/ -d /usr/local/etc/raddb/

After rebooting radius starts up automatically which is what I want.

However for security I don’t want this to run under root, but I want it to run
under a user and group called ‘support’


I have edited the radius.conf file and added

#  for some finer-grained access controls.
#
user = support
group = support

#  max_request_time: The maximum time (in seconds) to handle a request.

So this is to get radius to run under support.


If I run radiusd -X from command line as user support, radius starts up fine.

However if I run the startup script as user support from /etc/init.d by
entering #./start-my-radius.sh it comes up with error

upport@OXC-RPROXY-02:/etc/init.d$ ./start-my-radius.sh
radiusd: Cannot initialize supplementary group list for user support: Operation not permitted

I guess it's something to do with permissions but I can’t figure out what I need
to change? I just want this to work under user support, if I’m logged in
as root and run #./start-my-radius.sh it works fine and starts up radius.
However I have to amend radius.conf to get this to work via root login so it
looks like this

#user = support
#group = support

So what have I missed?


The radius files look like this

support@OXC-RPROXY-02:/usr/local/sbin$ ls -l
total 780
-rwxr-xr-x 1 support support  36403 Oct 12 13:57 checkrad
-rwxr-xr-x 1 support support 619724 Oct 12 13:57 radiusd
-rwxr-xr-x 1 support support 115567 Oct 12 13:57 radmin
-rwxr-xr-x 1 support support   1285 Oct 12 13:57 radwatch
-rwxr-xr-x 1 support support   2471 Oct 12 14:22 rc.radiusd
-rwxr-xr-x 1 support support   2506 Oct 12 14:22 rc.radiusdbkp
support@OXC-RPROXY-02:/usr/local/sbin$


This is what it looks like when the script starts via root

support@OXC-RPROXY-02:/etc/init.d$ ps aux | grep radiusd
root     30712  0.0  0.2  47080  2744 ?        Ssl  15:55   0:00 /usr/local/sbin/radiusd -d /usr/local/var/log/radius/radacct/ -d /usr/local/etc/raddb/
support  32505  0.0  0.0   2184   736 pts/0    S+   15:57   0:00 grep radiusd

OXC-RPROXY-02:/etc/init.d# cd /usr/local/sbin
OXC-RPROXY-02:/usr/local/sbin# ls -l
total 780
-rwxr-xr-x 1 support support  36403 Oct 12 13:57 checkrad
-rwxr-xr-x 1 support support 619724 Oct 12 13:57 radiusd
-rwxr-xr-x 1 support support 115567 Oct 12 13:57 radmin
-rwxr-xr-x 1 support support   1285 Oct 12 13:57 radwatch
-rwxr-xr-x 1 support support   2471 Oct 12 14:22 rc.radiusd
-rwxr-xr-x 1 support support   2506 Oct 12 14:22 rc.radiusdbkp

Please help!








 
10-13-2010, 08:58 AM
Camaleón

Configure radius to run script under different user

On Tue, 12 Oct 2010 17:00:36 +0100, Jennie Kingsland wrote:

Please, don't cross-post.

(...)

> If I run radiusd -X from command line as user support, radius starts up
> fine.
>
>
>
> However if I run the startup script as user support from /etc/init.d by
> entering #./start-my-radius.sh it comes up with error
>
> upport@OXC-RPROXY-02:/etc/init.d$ ./start-my-radius.sh
>
> radiusd: Cannot initialize supplementary group list for user support:
> Operation not permitted

Know nothing about radius, but "radiusd.conf¹" seems to say that radius
server has to be started by root user if you change the default user/
group, although after that, it drops its perms and uses the user-defined
ones.

¹ http://wiki.freeradius.org/Radiusd.conf

Greetings,

--
Camaleón
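
The start-as-root-then-drop sequence described in the reply above, and why an unprivileged start ends in "Operation not permitted", as an added C example that is not part of the thread and is not FreeRADIUS code. Assumptions: uid/gid 65534 is a placeholder for the "support" account, and setgroups() stands in for initgroups(), which sets the supplementary group list the same way after looking up the user's groups.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Switch the calling process to uid/gid. Returns 0, or the errno of the
 * first step that failed. Order matters: groups first, uid last, because
 * once the uid is dropped the process can no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) return errno; /* needs root (CAP_SETGID) */
    if (setgid(gid) != 0)        return errno;
    if (setuid(uid) != 0)        return errno;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) return EACCES;
    return 0;
}

/* Run the drop in a child so the caller keeps its own identity.
 * Returns the child's result (0 or an errno), or -1 if fork/wait failed. */
int try_drop_in_child(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(drop_privileges(uid, gid));
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 65534 is a placeholder unprivileged uid/gid (assumption), standing
     * in for the "support" account from the post. */
    int rc = try_drop_in_child(65534, 65534);
    printf("started as uid %d: %s\n", (int)geteuid(),
           rc == 0 ? "dropped privileges" : strerror(rc));
    return 0;
}
```

Run as an ordinary user, the first step fails with EPERM, whose message text is the "Operation not permitted" in the error above; run as root on a typical system, all three steps succeed and the process can no longer return to uid 0.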

