Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?

[Maurice Makaay]

Hi,

> I just found a little problem with my patch. I can make the logs 
> directory of the user I set as the run-user, but radiusd starts logging
> before drop_privileges() is called. Resulting, affected logfiles 
> (e.g. radius.debug) will be owned by "root" and after dropping privileges
> radiusd can't add any more loglines to them. 
> 
> I haven't got a fix for this at this time. I'm too busy converting some
> of our radiusservers to gnu-radius. I'll look into it a.s.a.p.

If have looked into it a bit further and it seems like a good idea to me
to keep logging filehandles open. Now, every radlog call will open and
close the neede channel files. If a filehandle is added to the channel 
struct, the logfile can be opened once and the filehandle can be cached.
In that case the logfile that was opened as user root can still be written
by the run-user. Does this seem like a good idea to you? 

Regards,

-- Maurice Makaay