Name
user and group
Synopsis
These options dictate under what user and group radiusd runs. It is not prudent to allow FreeRADIUS to run under a user and group with excessive permissions. In fact, to minimize the permissions granted to FreeRADIUS, use the user and group “nobody.” However, on systems configured to use shadow passwords, you may need to set the user to “nobody” and the group to “shadow” so that radiusd can read the shadow file. This is not a desirable idea. On some systems, you may need to set both the user and group to “root,” although it’s clear why that is an even worse idea.
Usage:
user = [username]; group = [groupname]
Suggestion:
user = nobody; group = nobody
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
