Web lists-archives.com

thoughts about freeradius package (especially dhcp)




Some time ago I migrated my home dhcp server from isc to freeradius.
Almost everything worked like a charm.
The only thing were problems with arp table [1].

Then I ended with configuration:
radius binary have set cap bits[2]
radius is run from systemd as freerad user
(it is important that "User=freerad" should be in unit file, not only
radius config)
the only thing is '/var/run/freeradius/' directory creation.

Is it bad idea to make freeradius run as freerad user with capabilities
enabled?
KJ

[1] I even filled bug reports
https://bugzilla.kernel.org/show_bug.cgi?id=187791
[2] cap_net_admin=eip CAP_NET_RAW=eip CAP_NET_BIND_SERVICE=eip
-- 
http://wolnelektury.pl/wesprzyj/teraz/
Everyone is a genius.  It's just that some people are too stupid to realize it.