[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user
From: |
Maurice Makaay |
Subject: |
Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'? |
Date: |
Wed, 12 Nov 2003 12:00:39 +0100 |
Hi,
> You only have to run it as root if you plan to use Auth-Type = System
> and/or Auth-Type = PAM. Otherwise it is OK to run radiusd with usual user
> privileges, provided that the logging directory is writable for that
> user or group (the default /var/log obviously isn't).
...
> That is reasonable. I'll surely add the feature.
I created a patch which adds a new keyword "exec-user" to the configuration
file's vocabulary. By setting the exec-user, one can determine under which
uid the server should be run. Things that are in the patch:
* Cleanup of some old references to exec-program-group, which were still
in the texinfo files.
* A new type of configuration CFG_USER in config.y. This type handles
users that are specified using either uids or usernames. This will
fill a new type of struct "user_info" with some basic user information
(the username, the uid and the gid of a user; a complete passwd struct
would contain way more info than needed).
* A new droppriv.c file, which handles privilege dropping. The current
implementation for privilege dropping (for running external programs)
is only changing the euid. I think this is bad policy because this
way the external program can simply change its uid back to the root uid.
Setting the exec-program-user probably has a safety-reason, so let's
be as safe as we can. If a user really wants to keep the ruid "root",
he can simply set run-user and exec-program-user to "root" in the
radius server's config and set the euid in the external program himself.
The drop_privileges() function takes a pointer to a "user_info" struct
as its argument.
* The new way of setting the run-user/exec-program-user has has fixed
one of the FIXME's in the source of radiusd/exec.c:
Check user/group
FIXME: This should be checked *once* after re-reading the
configuration
* config.syntax contains information on run-user and some related
remarks were added to exec-program-user.
* Several checks are added to warn the user for:
- the use of non-existant uids/usernames (this will cause the server
to exit).
- mixing two differing non-root users for run-user and exec-program-user,
in which case the exec-program-user will not work (because only root
can switch uid).
- using Auth-Type System and/or PAM, for which root-access is needed.
- not being able to find the default user 'daemon' on the system, in
which case the program will revert to the user 'root' for
exec-program-user.
There are two files attached: a diff for changes that are made to the
already existing files in CVS and a copy of the new file droppriv.c.
There's a FIXME of my own in radiusd.c:
/* Now, try to drop our privileges... FIXME: exit on failure?*/
drop_privileges(&run_user);
I think it would be best to have the server aborting in case the privilege
dropping fails, but I don't know what your opinion on this is..
Regards,
-- Maurice Makaay
CVS-droppriv.c
Description: Text document
CVS-patch-dropprivileges
Description: Text document
- [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Maurice Makaay, 2003/11/10
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Sergey Poznyakoff, 2003/11/11
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?,
Maurice Makaay <=
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Maurice Makaay, 2003/11/12
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Sergey Poznyakoff, 2003/11/13
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Maurice Makaay, 2003/11/15
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Maurice Makaay, 2003/11/16
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Sergey Poznyakoff, 2003/11/16
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Maurice Makaay, 2003/11/16
- Re: [Bug-gnu-radius] Are there good reasons for running radiusd as user 'root'?, Sergey Poznyakoff, 2003/11/21