(RADIATOR) Switch to non root id and logfile ownership

Markus Moeller huaraz at moeller.plus.com
Fri Feb 22 17:14:42 CST 2008 

----- Original Message ----- 
From: "Christian Kratzer" <ck-lists at cksoft.de>
To: "Markus Moeller" <huaraz at moeller.plus.com>
Cc: <radiator at open.com.au>
Sent: Friday, February 22, 2008 8:48 PM
Subject: Re: (RADIATOR) Switch to non root id and logfile ownership


> Hi,
>
> On Fri, 22 Feb 2008, Markus Moeller wrote:
>>
>>> Hi,
>>>
>>> On Thu, 21 Feb 2008, Markus Moeller wrote:
>>>
>>>> I think I mentioned before that I get access problems when starting as 
>>>> root and switch the user id. If I user variables in the logfile name it 
>>>> is very difficult to make sure at each restart that the files is first 
>>>> created with the right ownership.  I patched Util.pm to check the file 
>>>> ownership and change it when required before attempting to write to it.
>>>
>>> this generally happens when you start radiator as root in a trace level
>>> higher than 3 in which case raditor will log things before reaching the
>>> point where it switches the uid/gid.
>>>
>>> So this would normally not happen in a production environment where you
>>> run radiator in trace level 3 or lower.
>>>
>>>> Do you see a problem with it ?
>>>
>>> it should work in all trace levels. Have you checked that ?
>>
>> It is independant of the trace level. I check everytime when Radiator 
>> logs events.
>
> I was thinking specifically of the case were radiator tries to
> log something before it has read the config and thus parsed
> the user and group from the config.
>
> There are a couple of places in Radius::Configurable::parse where
> radiator writes to the log.  Radiator also loads perl modules on demand
> while parsing the config causing further code to be run.
>

Fair point. There could be such situations. Ideally just before changeing 
the uid/gid all already opened logfiles need to change ownership.

> Greetings
> Christian
>
> -- 
> Christian Kratzer                      CK Software GmbH
> Email:   ck at cksoft.de                  Schwarzwaldstr. 31
> Phone:   +49 7452 889 135              D-71131 Jettingen
> Fax:     +49 7452 889 136              HRB 245288, Amtsgericht Stuttgart
> Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian 
> Kratzer
>

Thank you
Markus 


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list