File: control-socket

package info (click to toggle)
freeradius 3.0.12+dfsg-5+deb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 21,144 kB
  • ctags: 11,887
  • sloc: ansic: 109,067; sh: 5,176; perl: 2,648; sql: 1,397; python: 1,161; makefile: 374; xml: 62; tcl: 35; sed: 23; ruby: 22
file content (92 lines) | stat: -rw-r--r-- 2,632 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# -*- text -*-
######################################################################
#
#	Control socket interface.
#
#	In the future, we will add username/password checking for
#	connections to the control socket.  We will also add
#	command authorization, where the commands entered by the
#	administrator are run through a virtual server before
#	they are executed.
#
#	For now, anyone who has permission to connect to the socket
#	has nearly complete control over the server.  Be warned!
#
#	This functionality is NOT enabled by default.
#
#	See also the "radmin" program, which is used to communicate
#	with the server over the control socket.
#
#	$Id: 97ba9ef972539af80dcaf84090b55d991095a93e $
#
######################################################################
listen {
	#
	#  Listen on the control socket.
	#
	type = control

	#
	#  Socket location.
	#
	#  This file is created with the server's uid and gid.
	#  It's permissions are r/w for that user and group, and
	#  no permissions for "other" users.  These permissions form
	#  minimal security, and should not be relied on.
	#
	socket = ${run_dir}/${name}.sock

	#
	#  Peercred auth
	#
	#  By default the server users the peercred feature of unix
	#  sockets to get the UID and GID of the user connecting to
	#  the socket. You may choose to disable this functionality
	#  and rely on the file system for enforcing permissions.
	#
	#  On most Unix systems, the permissions set on the socket
	#  are not enforced, but the ones on the directory containing
	#  the socket are.
	#
	#  To use filesystem permissions you should create a new
	#  directory just to house the socket file, and set
	#  appropriate permissions on that.
	#
#	peercred = no
#	socket = ${run_dir}/control/${name}.sock

	#
	#  The following two parameters perform authentication and
	#  authorization of connections to the control socket.
	#
	#  If not set, then ANYONE can connect to the control socket,
	#  and have complete control over the server.  This is likely
	#  not what you want.
	#
	#  One, or both, of "uid" and "gid" should be set.  If set, the
	#  corresponding value is checked.  Unauthorized users result
	#  in an error message in the log file, and the connection is
	#  closed.
	#

	#
	#  Name of user that is allowed to connect to the control socket.
	#
#	uid = freerad

	#
	#  Name of group that is allowed to connect to the control socket.
	#
#	gid = freerad

	#
	#  Access mode.
	#
	#  This can be used to give *some* administrators access to
	#  monitor the system, but not to change it.
	#
	#	ro = read only access (default)
	#	rw = read/write access.
	#
#	mode = rw
}