That's why the "chrooted" bit. You setup a /foo/radius_root with all
the standard files:
(under Red Hat 5.0 with Livingston RADIUS 2.0.1 source compiled against
libc 6 and Choicenet binary from Livingston which is compiled against
libc 5):
/foo/radius_root/lib/ld-linux.so.2
/foo/radius_root/lib/libc.so.6
/foo/radius_root/lib/libcrypt.so.1
/foo/radius_root/lib/libdb.so.2
/foo/radius_root/lib/libnss_files.so.1
/foo/radius_root/lib/libnss_dns.so.1
/foo/radius_root/lib/libresolv.so.2
/foo/radius_root/lib/libnss_nis.so.1
/foo/radius_root/lib/libnsl.so.1
/foo/radius_root/etc/passwd
/foo/radius_root/etc/hosts
/foo/radius_root/etc/nsswitch.conf
/foo/radius_root/etc/resolv.conf
/foo/radius_root/etc/services
/foo/radius_root/etc/group
/foo/radius_root/etc/localtime
/foo/radius_root/log/log/radius
/foo/radius_root/log/log/choicenet
/foo/radius_root/sbin/filterd
/foo/radius_root/sbin/radiusd
/foo/radius_root/raddb/clients
/foo/radius_root/raddb/dictionary
/foo/radius_root/raddb/users
/foo/radius_root/raddb/menus/*
/foo/radius_root/raddb/builddbm
/foo/radius_root/choicenet/clients
/foo/radius_root/choicenet/filters/*
Start RADIUS as:
chroot /foo/radius_root /sbin/radiusd -a /log -d /raddb -l /log/log/radius
Choicenet doesn't need to be chrooted:
/foo/radius_root/sbin/filterd -d /foo/radius_root/choicenet \
-l /foo/radius_root/log/log/choicenet
You can't log to syslog from a chrooted environment, since even if you
made it, /dev/log would not be read by syslogd.
-- Chris Adams - cadams@ro.com System Administrator - Renaissance Internet Services I don't speak for anybody but myself - that's enough trouble. - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-radius' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>