running port as non-root
Dan Nelson
dnelson at allantgroup.com
Fri Nov 30 07:27:38 PST 2007
In the last episode (Nov 30), rihad said:
> Hi, I'm trying to run the net/openradius port as non-root
> by first changing /usr/local/etc/rc.d/openradius:
>
> . /etc/rc.subr
>
> name="openradius"
> rcvar=`set_rcvar`
>
> load_rc_config ${name}
>
> : ${openradius_enable="NO"}
> : ${openradius_flags="-o /var/log/openradius.log"}
>
> -command=/usr/local/sbin/radiusd
> +command=/usr/local/bin/sudo
> +flags="-u radius /usr/local/sbin/radiusd"
It's much cleaner to simply set openradius_user=radius and let rc.subr
handle the userid switching using su.
> run_rc_command "$1"
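Review bot: the `+flags=` line carries only the sudo arguments, so the `-o /var/log/openradius.log` default held in `openradius_flags` a few lines above is not part of what gets passed to radiusd. If the sudo wrapper is kept, append `${openradius_flags}` after the radiusd path, and set `procname=/usr/local/sbin/radiusd` next to the new `command=` so that status and stop look for the daemon rather than for sudo.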
>
> (Lines marked with -/+ were removed/added by me, respectively).
>
> Then I add the radius user, allow it to run without sudo's asking for
> the password, and finally start the thing up:
> # pw useradd radius -d /nonexistent -s /usr/sbin/nologin
> # visudo
> # ... do the necessary chown/chmod on openradius logs/dictionaries ...
> # /usr/local/etc/rc.d/openradius start
>
> All fine so far: everything starts up fine and runs. The problem starts
> here:
> # /usr/local/etc/rc.d/openradius stop
> openradius not running?
> # ps -auxww | fgrep radiusd
> radius 89300 0.0 0.0 3756 1588 ?? Is 10:56AM 0:00.00 /usr/local/sbin/radiusd
> ...
>
> any built-in way to make "stop" work, without changing rc.d/ too much?
Problem is you set command=/usr/local/bin/sudo, so the stop sequence
isn't looking for radiusd at all.
For more info on rc scripts, see the rc.subr manpage and
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/rc-scripting/index.html
--
Dan Nelson
dnelson at allantgroup.com
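
The "stop" failure described above, as an added example that is not part of the original message and is not rc.subr's own code: a simplified model of looking a daemon up by the name in `command=` when no pidfile is set. The helper names `find_pids` and `stop_message` are hypothetical, and the `ps` listing is constructed from the process shown in the message.

```shell
#!/bin/sh
# Constructed sample of "pid command" pairs, as a process listing would
# show them. Only pid 89300 comes from the message; the rest is filler.
SAMPLE_PS='  612 /usr/sbin/syslogd -s
89300 /usr/local/sbin/radiusd
89412 fgrep radiusd'

# find_pids PROCNAME (hypothetical helper): print the pids whose argv[0]
# equals PROCNAME or its basename. This is a simplified form of the
# name-based matching done when the script sets no pidfile.
find_pids() {
    _procname=$1
    _base=${_procname##*/}
    _pids=
    while read -r _pid _arg0 _rest; do
        case "$_arg0" in
        "$_procname"|"$_base") _pids="${_pids:+$_pids }$_pid" ;;
        esac
    done <<EOF
$SAMPLE_PS
EOF
    echo "$_pids"
}

# stop_message COMMAND (hypothetical helper): what "stop" would report
# for a given command= value in the rc.d script.
stop_message() {
    _found=$(find_pids "$1")
    if [ -z "$_found" ]; then
        echo "openradius not running?"
    else
        echo "would signal pid(s): $_found"
    fi
}

stop_message /usr/local/bin/sudo      # command= from the modified script
stop_message /usr/local/sbin/radiusd  # command= from the original script
```

With `openradius_user=radius` the script keeps `command=/usr/local/sbin/radiusd`, so the second lookup is the one that applies and the daemon is found.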