(RADIATOR) security question with separate account running radiator

Patrick Muldoon (NOC) noc at inoc.net
Thu Jul 3 07:02:47 CDT 2003


On Thursday 03 July 2003 04:47 am, Foo Donald (Products O2) wrote:
> Hi there,
> I have some question about the security in radiator.
> 2. The only problem is the SNMP Agent not up when I start, as I remember
> the SNMP agent file was installed with root, Any idea on this?
>
> Error:
>   creating socket: Permission denied
>  at Radius/SNMPAgent.pm line 518
> Thu Jul  3 16:30:50 2003: ERR: Could not open SNMP Agent port 161 on
> 0.0.0.0:

Ports < 1024 can only be opened by root, so there is your problem.  I am 
assuming you can configure your snmp agent to listen on a non-standard port 
10161 for example.   Then you would have to configure anything that queries it 
to go to that port instead.  

Another option is to have it listen on the non-standard port and use 
(iptables|ipchains|ipfw|...) to forward all requests on 161 to the port you 
set it up to listen on.  

Never tried it with snmp, but have done it with other services that I didn't 
want to run as root, YMMV. 

Hope that helps, 
-Patrick 
-- 
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
PGPKEY (http://www.inoc.net/~doon)
Key fingerprint = 8F70 6306 F0A7 B8DA BA95  76C4 606A 7DC1 370D 752C

Regarding security, WindowsNT is an OS with a 'Kick me' sign stuck on it's 
back.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list