Time for action – incorporating Linux system users in FreeRADIUS
The FreeRADIUS documentation recommends that it runs as a non-privileged user. When we include the system users as a user store, this non-privileged user will need access to the /etc/shadow
, file. Each of the three distributions has different default configurations with regards to the permissions and ownership of the /etc/shadow
file.
Preparing rights
Ubuntu has the correct rights for the /etc/shadow
file by default. In Ubuntu the /etc/shadow
file is owned by the group called shadow
which has read rights to the file. When FreeRADIUS installs, it adds a user and group called freerad
. The user freerad
is added to the shadow
group, which allows freerad
read access to /etc/shadow
.
You can ...
Get FreeRADIUS Beginner's Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.