Web lists-archives.com

thoughts about freeradius package (especially dhcp)

Some time ago I migrated my home dhcp server from isc to freeradius.
Almost everything worked like a charm.
The only thing were problems with arp table [1].

Then I ended with configuration:
radius binary have set cap bits[2]
radius is run from systemd as freerad user
(it is important that "User=freerad" should be in unit file, not only
radius config)
the only thing is '/var/run/freeradius/' directory creation.

Is it bad idea to make freeradius run as freerad user with capabilities

[1] I even filled bug reports
[2] cap_net_admin=eip CAP_NET_RAW=eip CAP_NET_BIND_SERVICE=eip
Everyone is a genius.  It's just that some people are too stupid to realize it.