(RADIATOR) Permission deny on logfile when running as non root

Thu Jan 31 01:06:03 CST 2008

Hello Markus -

No - you will need to correctly set up the file and/or directory  
permissions first.

regards

Hugh

On 31 Jan 2008, at 09:44, Markus Moeller wrote:

> That is possible but I would expect the daemon to change the file  
> ownership before switching id.
>
> Thanks
> Markus
>
> ----- Original Message ----- From: "Hugh Irvine" <hugh at open.com.au>
> To: "Markus Moeller" <huaraz at moeller.plus.com>
> Cc: <radiator at open.com.au>
> Sent: Wednesday, January 30, 2008 9:45 PM
> Subject: Re: (RADIATOR) Permission deny on logfile when running as  
> non root
>
>
>>
>> Hello Markus -
>>
>> Here are a couple of suggestions:
>>
>> Make sure the logfile exists with the appropriate permissions  
>> before starting
>>
>> Set the umask of the Radiator process (or a parent), so that the   
>> logfile is
>> created with appropriate default permissions
>>
>> regards
>>
>> Hugh
>>
>>
>> On 31 Jan 2008, at 07:22, Markus Moeller wrote:
>>
>>> If I configure raditor to switch user and group to non root I  
>>> get  the following error when starting up the daemon. The  
>>> directory was  empty and my other logfiles (authlog, etc) are  
>>> created OK, whereas  this seems to be created when the process  
>>> has root privs and once  switched to non root can not access  
>>> anymore the logfile.
>>>
>>> Could not append 'Wed Jan 30 17:53:44 2008: DEBUG: Creating  
>>> authentication port 0.0.0.0:1645' to log file '/var/log/radius/  
>>> logfile': Permission
>>> denied at /usr/perl5/site_perl/5.8.4/Radius/LogFILE.pm line 81.
>>> Is that a configuration issue ?
>>>
>>> Thank you
>>> Markus
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/ 
>> archives/ radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.