Bug 1022033 – ${db_dir} incorrectly defaults to /etc/raddb, should be /var/lib/radiusd

Bug 1022033 - ${db_dir} incorrectly defaults to /etc/raddb, should be /var/lib/radiusd

Summary:	${db_dir} incorrectly defaults to /etc/raddb, should be /var/lib/radiusd

Status:	CLOSED WONTFIX

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	freeradius (Show other bugs)
Sub Component:
Version:	6.5
Hardware:	Unspecified Unspecified

Priority	medium Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	John Dennis
QA Contact:	BaseOS QE Security Team
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	1061410
	Show dependency tree / graph

Reported:	2013-10-22 10:10 EDT by Karel Srot
Modified:	2014-11-21 08:24 EST (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:	891305
Environment:
Last Closed:	2014-11-21 08:24:19 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Karel Srot 2013-10-22 10:10:23 EDT

I am not sure whether this is worth of fixing in RHEL-6 though.

+++ This bug was initially created as a clone of Bug #891297 +++

The configuration parameter db_dir, specified in /etc/raddb/radiusd.conf is used to specify where database files will be created. Those database files are currently utilized by ippool and counter modules as well as the experimental cache module.

/etc/raddb/radiusd.conf has these lines:

raddbdir = @raddbdir@
confdir = ${raddbdir}
db_dir = ${raddbdir}

raddbdir defaults to /etc/raddb

raddbdir can be set during the build via the configuration option:

--with-raddbdir=DIR     Directory for config files SYSCONFDIR/raddb

Thus both confdir and db_dir both are set to /etc/raddb


confdir *MUST* be /etc/raddb

but db_dir should not be /etc/raddb because:

1) only configuration files are stored under /etc, not database files

2) /etc/raddb is only writable by root, thus the attempt to create database files under /etc/raddb will fail with permission denied errors, e.g.:

rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied

The correct place to locate these database files is under /var/lib/radiusd. This is even suggested by the comment in /etc/raddb/radiusd.conf above the initialization of db_dir

# Should likely be ${localstatedir}/lib/radiusd

However, note that one cannot use --with-raddbdir to set this value because raddbdir also initializes confdir, which appears to be incorrect. The configuration directory and the database directory are logically *not* the same.

The suggested fix is to initialize confdir from something other than raddbdir and to use --with-raddbdir set to /var/lib/radiusd

--- Additional comment from John Dennis on 2013-01-02 09:21:14 EST ---

The suggestion at the end of comment #1 is incorrect, raddbdir points to the configuration files, thus it *must* remain /etc/raddb. The only viable fix is to edit raddb/radiusd.conf.in and modify 

db_dir = ${raddbdir}

to be:

db_dir = ${localstatedir}/lib/radiusd

FWIW it appears to be an unfortunate historical artefact that the configuration directory (raddb) is called a "database" directory (the "db" suffix).

In any event db_dir is completely independent of the configuration directory and it is a mistake the two were ever conflated.

Comment 1 Dmitri Pal 2014-03-14 17:44:09 EDT

Not on ACL for 6.6. Moving out.

Note You need to log in before you can comment on or make changes to this bug.