diff options
Diffstat (limited to '')
-rw-r--r-- | raddb/sites-available/control-socket | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/raddb/sites-available/control-socket b/raddb/sites-available/control-socket new file mode 100644 index 0000000..97ba9ef --- /dev/null +++ b/raddb/sites-available/control-socket @@ -0,0 +1,92 @@ +# -*- text -*- +###################################################################### +# +# Control socket interface. +# +# In the future, we will add username/password checking for +# connections to the control socket. We will also add +# command authorization, where the commands entered by the +# administrator are run through a virtual server before +# they are executed. +# +# For now, anyone who has permission to connect to the socket +# has nearly complete control over the server. Be warned! +# +# This functionality is NOT enabled by default. +# +# See also the "radmin" program, which is used to communicate +# with the server over the control socket. +# +# $Id$ +# +###################################################################### +listen { + # + # Listen on the control socket. + # + type = control + + # + # Socket location. + # + # This file is created with the server's uid and gid. + # It's permissions are r/w for that user and group, and + # no permissions for "other" users. These permissions form + # minimal security, and should not be relied on. + # + socket = ${run_dir}/${name}.sock + + # + # Peercred auth + # + # By default the server users the peercred feature of unix + # sockets to get the UID and GID of the user connecting to + # the socket. You may choose to disable this functionality + # and rely on the file system for enforcing permissions. + # + # On most Unix systems, the permissions set on the socket + # are not enforced, but the ones on the directory containing + # the socket are. + # + # To use filesystem permissions you should create a new + # directory just to house the socket file, and set + # appropriate permissions on that. + # +# peercred = no +# socket = ${run_dir}/control/${name}.sock + + # + # The following two parameters perform authentication and + # authorization of connections to the control socket. + # + # If not set, then ANYONE can connect to the control socket, + # and have complete control over the server. This is likely + # not what you want. + # + # One, or both, of "uid" and "gid" should be set. If set, the + # corresponding value is checked. Unauthorized users result + # in an error message in the log file, and the connection is + # closed. + # + + # + # Name of user that is allowed to connect to the control socket. + # +# uid = radius + + # + # Name of group that is allowed to connect to the control socket. + # +# gid = radius + + # + # Access mode. + # + # This can be used to give *some* administrators access to + # monitor the system, but not to change it. + # + # ro = read only access (default) + # rw = read/write access. + # +# mode = rw +} |