Bug 891297
| Summary: | ${db_dir} incorrectly defaults to /etc/raddb, should be /var/lib/radiusd | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John Dennis <jdennis> | |
| Component: | freeradius | Assignee: | John Dennis <jdennis> | |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 18 | CC: | jdennis, lemenkov, lnovy | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | freeradius-3.0.0-1.fc21 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 891305 (view as bug list) | Environment: | ||
| Last Closed: | 2013-10-13 14:41:43 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 891305 | |||
The suggestion at the end of comment #1 is incorrect, raddbdir points to the configuration files, thus it *must* remain /etc/raddb. The only viable fix is to edit raddb/radiusd.conf.in and modify db_dir = ${raddbdir} to be: db_dir = ${localstatedir}/lib/radiusd FWIW it appears to be an unfortunate historical artefact that the configuration directory (raddb) is called a "database" directory (the "db" suffix). In any event db_dir is completely independent of the configuration directory and it is a mistake the two were ever conflated. fix applied for next major version so as not to disrupt existing deployments. freeradius-3.0.0-1.fc21 |
The configuration parameter db_dir, specified in /etc/raddb/radiusd.conf is used to specify where database files will be created. Those database files are currently utilized by ippool and counter modules as well as the experimental cache module. /etc/raddb/radiusd.conf has these lines: raddbdir = @raddbdir@ confdir = ${raddbdir} db_dir = ${raddbdir} raddbdir defaults to /etc/raddb raddbdir can be set during the build via the configuration option: --with-raddbdir=DIR Directory for config files SYSCONFDIR/raddb Thus both confdir and db_dir both are set to /etc/raddb confdir *MUST* be /etc/raddb but db_dir should not be /etc/raddb because: 1) only configuration files are stored under /etc, not database files 2) /etc/raddb is only writable by root, thus the attempt to create database files under /etc/raddb will fail with permission denied errors, e.g.: rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied The correct place to locate these database files is under /var/lib/radiusd. This is even suggested by the comment in /etc/raddb/radiusd.conf above the initialization of db_dir # Should likely be ${localstatedir}/lib/radiusd However, note that one cannot use --with-raddbdir to set this value because raddbdir also initializes confdir, which appears to be incorrect. The configuration directory and the database directory are logically *not* the same. The suggested fix is to initialize confdir from something other than raddbdir and to use --with-raddbdir set to /var/lib/radiusd