bug-gnu-radius

Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user


From: Sergey Poznyakoff
Subject: Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?
Date: Sun, 16 Nov 2003 16:16:37 +0200

> 
> I have looked into it a bit further and it seems like a good idea to me
> to keep logging filehandles open. Now, every radlog call will open and
> close the needed channel files. If a filehandle is added to the channel
> struct, the logfile can be opened once and the filehandle can be cached.
> In that case the logfile that was opened as user root can still be written
> by the run-user. Does this seem like a good idea to you? 

No, it doesn't. Radiusd intentionally does not keep log file descriptors
open. There is a set of good reasons for that, the most important ones
being: 1) to avoid keeping too many fds open so the system limit is
not exceeded, 2) to simplify operation when the logfile is rotated
and replaced by a fresh one (keeping the file handle open would require
closing and reopening it, which in turn would require some kind of
notification procedure (probably a new signal) which would unnecessarily
complicate the code and is clumsy from the user's point of view).

The problem with logs in non-root startup mode is not a programming
problem, so it cannot and should not be solved by radiusd itself. The
right way to solve it is for the user to create a separate logging
subdirectory, say /var/log/radiusd, make it owned by the uid that
radiusd runs under, and set the right privileges on it.

Regards,
Sergey
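
Added example, not part of the original message and not GNU Radius code: a small C program showing reason 2 above, i.e. what happens to a log line written after rotation when the handle was opened before it, compared with opening the file on every call. The function names, the /tmp directory and the file names radius.log and radius.log.0 are assumptions made for the illustration.

```c
/* Added illustration, not GNU Radius source; all names are hypothetical. */
#define _XOPEN_SOURCE 700 /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
/* Open, append, close on every call, as the message says radiusd does. */
static int log_reopen(const char *path, const char *msg)
{
    FILE *fp = fopen(path, "a");
    if (!fp) return -1;
    fprintf(fp, "%s\n", msg);
    return fclose(fp);
}

/* Number of lines in a file; 0 if it does not exist. */
static int count_lines(const char *path)
{
    FILE *fp = fopen(path, "r");
    int c, n = 0;
    while (fp && (c = getc(fp)) != EOF) n += (c == '\n');
    if (fp) fclose(fp);
    return n;
}

/* Log a line, rotate by rename, log another; cached != 0 writes the second
   through a handle opened before rotation. Returns lines in the fresh log. */
int rotate_demo(int cached, int *rotated)
{
    char dir[] = "/tmp/radlog-demo-XXXXXX", cur[64], old[64];
    FILE *fp = NULL;
    if (!mkdtemp(dir)) return -1;
    snprintf(cur, sizeof cur, "%s/radius.log", dir);
    snprintf(old, sizeof old, "%s/radius.log.0", dir);
    log_reopen(cur, "before");
    if (cached && !(fp = fopen(cur, "a"))) return -1;
    rename(cur, old);                 /* what a log rotator does */
    if (cached) { fprintf(fp, "after\n"); fclose(fp); }
    else log_reopen(cur, "after");
    int fresh = count_lines(cur);
    *rotated = count_lines(old);      /* lines that landed in the old file */
    remove(cur); remove(old); remove(dir);
    return fresh;
}
int main(void)
{
    int old, fresh = rotate_demo(1, &old);
    printf("cached handle: fresh=%d rotated=%d\n", fresh, old);
    fresh = rotate_demo(0, &old);
    printf("open per call: fresh=%d rotated=%d\n", fresh, old);
    return 0;
}
```

With the cached handle both lines end up in the renamed file and no fresh log is created; with open-per-call the line written after rotation lands in a new radius.log.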





