[RADIATOR] logfile permissions

Mike McCauley mikem at open.com.au
Mon Apr 11 00:45:20 CDT 2011


Hi Klara,

thanks for raising this issue.
It has now been fixed in the latest patch set.

Cheers.

On Monday 11 April 2011 09:14:05 am Klara Mall wrote:
> Hi,
>
> I noticed that there's a problem when you start radiator for the
> first time (i.e. with nonexistent logfile) and User is set to some
> non-root user. The logfile is created when radiator is still running
> as root (at least when debug log is enabled), so it's not writable
> anymore for the radiator process after the effective user id has
> been changed.
>
> What I did to fix it:
>
> --- a/Radius/ServerConfig.pm
> +++ b/Radius/ServerConfig.pm
> @@ -530,9 +530,24 @@
>             # Only change if it not the same already
>             if ($> != $uid)
>             {
> -               $> = $uid;
> -               $self->log($main::LOG_ERR, "Could not set User to
> $self->{User} (got $>): $!") -                   unless $> == $uid;
> +               # Try to change log file owner first if log file exists
> +               my $logfile =
> &Radius::Util::format_special($self->{LogFile}); +               if (-e
> $logfile) {
> +                   my $cnt = chown $uid, -1, $logfile;
> +                   if ($cnt == 1) {
> +                       $> = $uid;
> +                       $self->log($main::LOG_ERR, "Could not set User to
> $self->{User} (got $>): $!") +                           unless $> == $uid;
> +                   }
> +                   else {
> +                       $self->log($main::LOG_ERR, "Could not change log
> file $logfile owner to $self->{User}: $!"); +                   }
> +               }
> +               else {
> +                   $> = $uid;
> +                   $self->log($main::LOG_ERR, "Could not set User to
> $self->{User} (got $>): $!") +                       unless $> == $uid;
> +               }
>             }
>         }
>         else
>
>
> Regards
> Klara



-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.


More information about the radiator mailing list