From 7c7d97678396f35c5efc0260920036f42648042e Mon Sep 17 00:00:00 2001
From: Nigel Kukard <nkukard@lbsd.net>
Date: Tue, 11 Jan 2011 13:26:52 +0000
Subject: [PATCH] Added better runfile ownership and security

Added better runfile ownership and security. The pid & cache files
are now stored in /var/run/smradius by default and the log file
is stored in /var/log/smradius by default. user= and group=
will now apply to both of these.
---
 INSTALL        | 10 ++++++++++
 UPGRADING      |  7 +++++++
 smradiusd      | 18 +++++++++++++++---
 smradiusd.conf |  6 +++++-
 4 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/INSTALL b/INSTALL
index e5123734..e8cbdc53 100644
--- a/INSTALL
+++ b/INSTALL
@@ -19,3 +19,13 @@ Installing SMRadius.
 
 
 
+
+1. Setup system dirs
+
+mkdir /var/log/smradius
+mkdir /var/run/smradius
+
+If you are running smradius as an unpriv user, then ...
+chown smradius.smradius /var/log/smradius /var/run/smradius
+
+
diff --git a/UPGRADING b/UPGRADING
index e0e12693..79eefe1b 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -2,6 +2,13 @@
 2011-01-11:
 	Move configuration file item "use_packet_timestamp=" to "[radius]" section
 
+	mkdir /var/log/smradius
+	mkdir /var/run/smradius
+
+	If you are running smradius as an unpriv user, then ...
+	chown smradius.smradius /var/log/smradius /var/run/smradius
+
+
 ---
 
 r574:
diff --git a/smradiusd b/smradiusd
index 2362c4a2..182904ae 100755
--- a/smradiusd
+++ b/smradiusd
@@ -68,12 +68,13 @@ sub configure {
 	# Set defaults
 	my $cfg;
 	$cfg->{'config_file'} = "/etc/smradiusd.conf";
+	$cfg->{'cache_file'} = '/var/run/smradius/cache';
 
 	$server->{'timeout'} = 120;
 	$server->{'background'} = "yes";
-	$server->{'pid_file'} = "/var/run/smradiusd.pid";
+	$server->{'pid_file'} = "/var/run/smradius/smradiusd.pid";
 	$server->{'log_level'} = 2;
-	$server->{'log_file'} = "/var/log/smradiusd.log";
+	$server->{'log_file'} = "/var/log/smradius/smradiusd.log";
 
 	$server->{'host'} = "*";
 	$server->{'port'} = [ 1812, 1813 ];
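Review bot: The new defaults for `cache_file`, `pid_file` and `log_file` depend on `/var/run/smradius` and `/var/log/smradius` already existing, and nothing in this hunk creates or checks them. On systems where `/var/run` is a tmpfs, the directory disappears on reboot and the daemon would presumably fail when it writes the pid file. I would add a comment above the defaults, such as `# NOTE: /var/run/smradius and /var/log/smradius must exist, be owned by user=/group= and not be group/world-writable (see INSTALL)`, and consider a startup check that reports a missing directory clearly. The INSTALL steps could also give an explicit mode (for example 0750), because a plain `mkdir` inherits the umask. `configure` starts and ends outside this hunk.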
@@ -293,6 +294,12 @@ sub configure {
 		}
 	}
 
+	# Check if the user specified a cache_file in the config
+	if (defined($config{'server'}{'cache_file'})) {
+		$cfg->{'cache_file'} = $config{'server'}{'cache_file'};
+	}
+
+
 	# Save our config and stuff
 	$self->{'config'} = $cfg;
 	$self->{'cmdline'} = $cmdline;
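Review bot: The `cache_file` override accepts any defined value, so an empty `cache_file=` line may replace the default with an empty string, depending on how the config parser reports empty values. A relative path would also be accepted and then resolved against whatever the daemon's working directory is at the time. Since this path is later created with the configured user and group, I would accept only a non-empty absolute path, e.g. `if (defined(my $cf = $config{'server'}{'cache_file'})) { $cfg->{'cache_file'} = $cf if $cf =~ m{\A/}; }`, and log when a value is rejected. The hunk also adds two blank lines where the rest of `configure` appears to use one. `configure` starts and ends outside this hunk.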
@@ -348,7 +355,12 @@ sub post_configure_hook {
 
 	$self->log(LOG_INFO,"[SMRADIUS] Initializing system modules.");
 	# Init caching engine
-	awitpt::cache::Init($self);
+	awitpt::cache::Init($self,{
+		'cache_file' => $self->{'config'}{'cache_file'},
+		'cache_file_user' => $self->{'server'}->{'user'},
+		'cache_file_group' => $self->{'server'}->{'group'}
+	});
+
 	$self->log(LOG_INFO,"[SMRADIUS] System modules initialized.");
 
 }
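Review bot: The return value of `awitpt::cache::Init` is ignored in `post_configure_hook`, so "System modules initialized" is logged even if the cache file could not be created or its ownership could not be set. Capture the result and log an error or abort on failure, assuming Init reports one; its implementation is not visible here. Passing `cache_file_user` and `cache_file_group` suggests Init runs while the daemon is still privileged and changes the file's ownership. If so, Init should create the file exclusively, refuse to follow symlinks and set ownership through the open handle, because INSTALL tells admins to hand `/var/run/smradius` to the unprivileged account. `user` and `group` may also be undefined when the config leaves them commented out, so add a comment stating that Init must then skip the ownership change.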
diff --git a/smradiusd.conf b/smradiusd.conf
index 6c816e54..e84c263e 100644
--- a/smradiusd.conf
+++ b/smradiusd.conf
@@ -8,7 +8,11 @@
 #group=
 
 # Filename to store pid of parent process
-#pid_file=/var/run/smradiusd.pid
+#pid_file=/var/run/smradius/smradiusd.pid
+
+# Cache file
+#cache_file=/var/run/smradius/cache
+
 
 # Uncommenting the below option will prevent awradiusd going into the background
 #background=no
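Review bot: The new `# Cache file` comment does not tell an administrator what the setting controls or how it interacts with `user=`/`group=`. The commit message says those two options now apply to the run files, so the sample config should say so too. Something like `# Cache file; created at startup and owned by user=/group= when those are set. The directory must exist.` would cover it. The hunk also adds a second blank line before the `background` comment, which the other entries in this file do not have.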
-- 
GitLab