resolves: bug #522111 non-conformant initscript also change permission of

/var/run/radiusd from 0700 to 0755 so that "service radiusd status" can
    be run as non-root

freeradius-radiusd-init

@@ -1,80 +1,110 @@
 #!/bin/sh
 #
+# radiusd Start/Stop the FreeRADIUS daemon
+#
 # chkconfig: - 88 10
-# description: Start/Stop the RADIUS server daemon
+# description: Extensible, configurable, high performance RADIUS server.
-#
+
-#    This program is free software; you can redistribute it and/or modify
+### BEGIN INIT INFO
-#    it under the terms of the GNU General Public License as published by
+# Provides: radiusd
-#    the Free Software Foundation; either version 2 of the License, or
+# Required-Start: $network
-#    (at your option) any later version.
+# Required-Stop:
-#
+# Should-Start: $time $syslog mysql ldap postgresql samba krb5-kdc
-#    This program is distributed in the hope that it will be useful,
+# Should-Stop:
-#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+# Short-Description: FreeRADIUS server
-#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# Description: Extensible, configurable, high performance RADIUS server.
-#    GNU General Public License for more details.
+### END INIT INFO
-#
-#    You should have received a copy of the GNU General Public License
-#    along with this program; if not, write to the Free Software
-#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
-#
-#    Copyright (C) 2001 The FreeRADIUS Project   http://www.freeradius.org
-#
 
 # Source function library.
 . /etc/rc.d/init.d/functions
 
-RADIUSD=/usr/sbin/radiusd
+initname=${0##*/}
-LOCKF=/var/lock/subsys/radiusd
+prog=radiusd
-CONFIG=/etc/raddb/radiusd.conf
+exec=/usr/sbin/$prog
+config=/etc/raddb/radiusd.conf
+pidfile=/var/run/$prog/$prog.pid
+lockfile=/var/lock/subsys/$initname
 
-[ -f $RADIUSD ] || exit 0
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-[ -f $CONFIG ] || exit 0
+
+start() {
+    [ -x $exec ] || exit 5
+    [ -f $config ] || exit 6
+    echo -n $"Starting $prog: "
+    daemon --pidfile $pidfile $exec
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc -p $pidfile $prog
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    # radiusd may not be capable of a 100% configuration reload depending
+    # on which loadable modules are in use, if sending the server a
+    # HUP is not sufficient then use restart here instead. However, we
+    # prefer by default to use HUP since it's what is usually desired.
+    #    
+    # restart
+
+    kill -HUP `pidofproc -p $pidfile $prog`
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    # run checks to determine if the service is running or use generic status
+    status -p $pidfile $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
 
-RETVAL=0
 
 case "$1" in
-  start)
+    start)
-	echo -n $"Starting RADIUS server: "
+        rh_status_q && exit 0
-	daemon $RADIUSD
+        $1
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && touch $LOCKF &&
-	    ln -s /var/run/radiusd/radiusd.pid /var/run/radiusd.pid 2>/dev/null
-	;;
-  stop)
-	echo -n $"Stopping RADIUS server: "
-	killproc $RADIUSD
-	RETVAL=$?
-	echo
-	[ $RETVAL -eq 0 ] && rm -f $LOCKF
-	;;
-  status)
-	status radiusd
-	RETVAL=$?
         ;;
-  reload)
+    stop)
-	echo -n $"Reloading RADIUS server: "
+        rh_status_q || exit 0
-	killproc $RADIUSD -HUP
+        $1
-	RETVAL=$?
+        ;;
-	echo
+    restart)
-	;;
+        $1
-  restart)
+        ;;
-	$0 stop
+    reload)
-	sleep 3
+        rh_status_q || exit 7
-	$0 start
+        $1
-	RETVAL=$?
+        ;;
-	;;
+    force-reload)
-  condrestart)
+        force_reload
-	if [ -f $LOCKF ]; then
+        ;;
-		$0 stop
+    status)
-		sleep 3
+        rh_status
-		$0 start
+        ;;
-		RETVAL=$?
+    condrestart|try-restart)
-	fi
+        rh_status_q || exit 0
-	;;
+        restart
-  *)
+        ;;
-	echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
+    *)
-	exit 1
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+        exit 2
 esac
-
+exit $?
-exit $RETVAL

freeradius.spec

@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 2.1.7
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -15,6 +15,7 @@ Obsoletes: freeradius-dialupadmin >= 2.0 freeradius-dialupadmin-ldap >= 2.0
 Obsoletes: freeradius-dialupadmin-mysql >= 2.0 freeradius-dialupadmin-postgresql >= 2.0
 
 %define docdir %{_docdir}/freeradius-%{version}
+%define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -192,7 +193,8 @@ make
 %install
 rm -rf $RPM_BUILD_ROOT
 mkdir -p $RPM_BUILD_ROOT/var/run/radiusd
-mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{logrotate.d,pam.d,rc.d/init.d}
+mkdir -p $RPM_BUILD_ROOT/%{initddir}
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/{logrotate.d,pam.d}
 mkdir -p $RPM_BUILD_ROOT/var/lib/radiusd
 # fix for bad libtool bug - can not rebuild dependent libs and bins
 #FIXME export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}
@@ -206,7 +208,7 @@ perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
 mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
 touch $RPM_BUILD_ROOT/var/log/radius/{radutmp,radius.log}
 
-install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/%{_initrddir}/radiusd
+install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/%{initddir}/radiusd
 install -m 644 %{SOURCE102} $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/radiusd
 install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/radiusd
 
@@ -330,7 +332,7 @@ fi
 %doc %{docdir}/
 %config(noreplace) %{_sysconfdir}/pam.d/radiusd
 %config(noreplace) %{_sysconfdir}/logrotate.d/radiusd
-%config(noreplace) %{_initrddir}/radiusd
+%config(noreplace) %{initddir}/radiusd
 %dir %attr(755,radiusd,radiusd) /var/lib/radiusd
 # configs
 %dir %attr(755,root,radiusd) /etc/raddb
@@ -409,7 +411,7 @@ fi
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sradutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/unix
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/wimax
-%dir %attr(700,radiusd,radiusd) /var/run/radiusd/
+%dir %attr(755,radiusd,radiusd) /var/run/radiusd/
 # binaries
 %defattr(-,root,root)
 /usr/sbin/checkrad
@@ -621,6 +623,11 @@ fi
 %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
 
 %changelog
+* Thu Dec  3 2009 John Dennis <jdennis@redhat.com> - 2.1.7-3
+- resolves: bug #522111 non-conformant initscript
+  also change permission of /var/run/radiusd from 0700 to 0755
+  so that "service radiusd status" can be run as non-root
+
 * Wed Sep 16 2009 Tomas Mraz <tmraz@redhat.com> - 2.1.7-2
 - use password-auth common PAM configuration instead of system-auth