resolves: bug #522111 non-conformant initscript also change permission of

/var/run/radiusd from 0700 to 0755 so that "service radiusd status" can be run as non-root
2009-12-03 21:44:54 +00:00 · 2009-12-03 21:44:54 +00:00 · afeabfbd24
commit afeabfbd24
parent de7b39cbb5
2 changed files with 109 additions and 72 deletions
--- a/164
+++ b/164
@ -1,80 +1,110 @@
 #!/bin/sh
 #
+# radiusd Start/Stop the FreeRADIUS daemon
+#
 # chkconfig: - 88 10
-# description: Start/Stop the RADIUS server daemon
-#
-#    This program is free software; you can redistribute it and/or modify
-#    it under the terms of the GNU General Public License as published by
-#    the Free Software Foundation; either version 2 of the License, or
-#    (at your option) any later version.
-#
-#    This program is distributed in the hope that it will be useful,
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#    GNU General Public License for more details.
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program; if not, write to the Free Software
-#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
-#
-#    Copyright (C) 2001 The FreeRADIUS Project   http://www.freeradius.org
-#
+# description: Extensible, configurable, high performance RADIUS server.
+
+### BEGIN INIT INFO
+# Provides: radiusd
+# Required-Start: $network
+# Required-Stop:
+# Should-Start: $time $syslog mysql ldap postgresql samba krb5-kdc
+# Should-Stop:
+# Short-Description: FreeRADIUS server
+# Description: Extensible, configurable, high performance RADIUS server.
+### END INIT INFO

 # Source function library.
 . /etc/rc.d/init.d/functions

-RADIUSD=/usr/sbin/radiusd
-LOCKF=/var/lock/subsys/radiusd
-CONFIG=/etc/raddb/radiusd.conf
+initname=${0##*/}
+prog=radiusd
+exec=/usr/sbin/$prog
+config=/etc/raddb/radiusd.conf
+pidfile=/var/run/$prog/$prog.pid
+lockfile=/var/lock/subsys/$initname

-[ -f $RADIUSD ] || exit 0
-[ -f $CONFIG ] || exit 0
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+start() {
+    [ -x $exec ] || exit 5
+    [ -f $config ] || exit 6
+    echo -n $"Starting $prog: "
+    daemon --pidfile $pidfile $exec
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile $prog
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    # radiusd may not be capable of a 100% configuration reload depending
+    # on which loadable modules are in use, if sending the server a
+    # HUP is not sufficient then use restart here instead. However, we
+    # prefer by default to use HUP since it's what is usually desired.
+    #    
+    # restart
+
+    kill -HUP `pidofproc -p $pidfile $prog`
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    # run checks to determine if the service is running or use generic status
+    status -p $pidfile $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}

-RETVAL=0

 case "$1" in
-  start)
-	echo -n $"Starting RADIUS server: "
-	daemon $RADIUSD
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && touch $LOCKF &&
-	    ln -s /var/run/radiusd/radiusd.pid /var/run/radiusd.pid 2>/dev/null
-	;;
-  stop)
-	echo -n $"Stopping RADIUS server: "
-	killproc $RADIUSD
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && rm -f $LOCKF
-	;;
-  status)
-	status radiusd
-	RETVAL=$?
+    start)
+        rh_status_q && exit 0
+        $1
        ;;
-  reload)
-	echo -n $"Reloading RADIUS server: "
-	killproc $RADIUSD -HUP
-	RETVAL=$?
-	echo
-	;;
-  restart)
-	$0 stop
-	sleep 3
-	$0 start
-	RETVAL=$?
-	;;
-  condrestart)
-	if [ -f $LOCKF ]; then
-		$0 stop
-		sleep 3
-		$0 start
-		RETVAL=$?
-	fi
-	;;
-  *)
-	echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
-	exit 1
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
 esac
-
-exit $RETVAL
+exit $?
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 2.1.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@ -15,6 +15,7 @@ Obsoletes: freeradius-dialupadmin >= 2.0 freeradius-dialupadmin-ldap >= 2.0
 Obsoletes: freeradius-dialupadmin-mysql >= 2.0 freeradius-dialupadmin-postgresql >= 2.0

 %define docdir %{_docdir}/freeradius-%{version}
+%define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}

 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

@ -192,7 +193,8 @@ make
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/var/run/radiusd
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{logrotate.d,pam.d,rc.d/init.d}
+mkdir -p $RPM_BUILD_ROOT/%{initddir}
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{logrotate.d,pam.d}
 mkdir -p $RPM_BUILD_ROOT/var/lib/radiusd
 # fix for bad libtool bug - can not rebuild dependent libs and bins
 #FIXME export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}
@ -206,7 +208,7 @@ perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
 mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
 touch $RPM_BUILD_ROOT/var/log/radius/{radutmp,radius.log}

-install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/%{_initrddir}/radiusd
+install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/%{initddir}/radiusd
 install -m 644 %{SOURCE102} $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/radiusd
 install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/radiusd

@ -330,7 +332,7 @@ fi
 %doc %{docdir}/
 %config(noreplace) %{_sysconfdir}/pam.d/radiusd
 %config(noreplace) %{_sysconfdir}/logrotate.d/radiusd
-%config(noreplace) %{_initrddir}/radiusd
+%config(noreplace) %{initddir}/radiusd
 %dir %attr(755,radiusd,radiusd) /var/lib/radiusd
 # configs
 %dir %attr(755,root,radiusd) /etc/raddb
@ -409,7 +411,7 @@ fi
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sradutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/unix
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/wimax
-%dir %attr(700,radiusd,radiusd) /var/run/radiusd/
+%dir %attr(755,radiusd,radiusd) /var/run/radiusd/
 # binaries
 %defattr(-,root,root)
 /usr/sbin/checkrad
@ -621,6 +623,11 @@ fi
 %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so

 %changelog
+* Thu Dec  3 2009 John Dennis <jdennis@redhat.com> - 2.1.7-3
+- resolves: bug #522111 non-conformant initscript
+  also change permission of /var/run/radiusd from 0700 to 0755
+  so that "service radiusd status" can be run as non-root
+
 * Wed Sep 16 2009 Tomas Mraz <tmraz@redhat.com> - 2.1.7-2
 - use password-auth common PAM configuration instead of system-auth