Hi, Thanks
for help on previous post. My startup script for Radius now works so it starts
at boot time, the script is in /etc/init.d and looks like this #!/bin/sh /usr/local/sbin/radiusd
-d /usr/local/var/log/radius/radacct/ -d /usr/local/etc/raddb/ After
rebooting radius starts up automatically which is what I want. However
for security I don’t want this to run under root, but I want to it run
under a user and group called ‘support’ I have
edited the radius.conf file and added #
for some finer-grained access controls. # user
= support group
= support #
max_request_time: The maximum time (in seconds) to handle a request. So
this is to get radius to run under support. If I run
radiusd –X from command line as user support, radius starts up fine. However
if I run the startup script as user support from /etc/init.d by entering
#./start-my-radius.sh it comes up with error upport@OXC-RPROXY-02:/etc/init.d$
./start-my-radius.sh radiusd:
Cannot initialize supplementary group list for user support: Operation not
permitted I
guess its something to do with permissions but I can’t figure out what I need
to change? I just want this to work under user support, if I’m logged in
as root and run #./start-my-radius.sh it works fine and starts up radius.
However I have to amend radius.conf to get this to work via root login so it
looks like this #user
= support #group
= support So
what have I missed? The radius
files look like this support@OXC-RPROXY-02:/usr/local/sbin$
ls -l total
780 -rwxr-xr-x
1 support support 36403 Oct 12 13:57 checkrad -rwxr-xr-x
1 support support 619724 Oct 12 13:57 radiusd -rwxr-xr-x
1 support support 115567 Oct 12 13:57 radmin -rwxr-xr-x
1 support support 1285 Oct 12 13:57 radwatch -rwxr-xr-x
1 support support 2471 Oct 12 14:22 rc.radiusd -rwxr-xr-x
1 support support 2506 Oct 12 14:22 rc.radiusdbkp support@OXC-RPROXY-02:/usr/local/sbin$ This
is what it looks like when the script starts via root support@OXC-RPROXY-02:/etc/init.d$
ps aux | grep radiusd root
30712 0.0 0.2 47080 2744
? Ssl 15:55 0:00
/usr/local/sbin/radiusd -d /usr/local/var/log/radius/radacct/ -d
/usr/local/etc/raddb/ support
32505 0.0 0.0 2184 736
pts/0 S+ 15:57 0:00 grep radiusd OXC-RPROXY-02:/etc/init.d#
cd /usr/local/sbin OXC-RPROXY-02:/usr/local/sbin#
ls -l total
780 -rwxr-xr-x
1 support support 36403 Oct 12 13:57 checkrad -rwxr-xr-x
1 support support 619724 Oct 12 13:57 radiusd -rwxr-xr-x
1 support support 115567 Oct 12 13:57 radmin -rwxr-xr-x
1 support support 1285 Oct 12 13:57 radwatch -rwxr-xr-x
1 support support 2471 Oct 12 14:22 rc.radiusd -rwxr-xr-x
1 support support 2506 Oct 12 14:22 rc.radiusdbkp Please
help!
|