Re: [RADIATOR] logfile permissions

Sun, 10 Apr 2011 22:45:56 -0700 

Hi Klara,

thanks for raising this issue.
It has now been fixed in the latest patch set.

Cheers.

On Monday 11 April 2011 09:14:05 am Klara Mall wrote:
> Hi,
>
> I noticed that there's a problem when you start radiator for the
> first time (i.e. with nonexistent logfile) and User is set to some
> non-root user. The logfile is created when radiator is still running
> as root (at least when debug log is enabled), so it's not writable
> anymore for the radiator process after the effective user id has
> been changed.
>
> What I did to fix it:
>
> --- a/Radius/ServerConfig.pm
> +++ b/Radius/ServerConfig.pm
> @@ -530,9 +530,24 @@
>             # Only change if it not the same already
>             if ($> != $uid)
>             {
> -               $> = $uid;
> -               $self->log($main::LOG_ERR, "Could not set User to
> $self->{User} (got $>): $!") -                   unless $> == $uid;
> +               # Try to change log file owner first if log file exists
> +               my $logfile =
> &Radius::Util::format_special($self->{LogFile}); +               if (-e
> $logfile) {
> +                   my $cnt = chown $uid, -1, $logfile;
> +                   if ($cnt == 1) {
> +                       $> = $uid;
> +                       $self->log($main::LOG_ERR, "Could not set User to
> $self->{User} (got $>): $!") +                           unless $> == $uid;
> +                   }
> +                   else {
> +                       $self->log($main::LOG_ERR, "Could not change log
> file $logfile owner to $self->{User}: $!"); +                   }
> +               }
> +               else {
> +                   $> = $uid;
> +                   $self->log($main::LOG_ERR, "Could not set User to
> $self->{User} (got $>): $!") +                       unless $> == $uid;
> +               }
>             }
>         }
>         else
>
>
> Regards
> Klara



-- 
Mike McCauley                               mi...@open.com.au
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to