Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread Alan Buxey
Hi,
> *sigh* it was indeed SELinux.  I thought it had it disabled.  Still
> not exactly sure why when I wrapped the init.d statement with a 'sh'
> it works, but nevertheless you solved my issue.  Thanks John.

you are going to fix the issue as shown by audit2allow etc rather than just
leave SELinux disabled or permissive?  (so many people do that then wonder
how the bad guys got onto their server)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
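
Added example, not part of the original thread: a shell function that summarises the AVC denials asked about in this thread, so each denial can be reviewed before any rule generated by audit2allow is loaded. The log lines, PIDs, inode numbers and the `radiusd_etc_t` target label are constructed for illustration; only the script name and the `radiusd` process come from the thread.

```shell
#!/bin/sh
# Summarise SELinux AVC denials from audit.log-format lines on stdin.
# Output: <count> <source type> <target type>:<class> <perms> name=<file> comm=<process>
summarize_avc() {
    awk '
    /type=AVC/ && /denied/ {
        perms = $0
        sub(/^.*[{] */, "", perms)      # drop everything up to the opening brace
        sub(/ *[}].*$/, "", perms)      # drop everything from the closing brace
        gsub(/ +/, ",", perms)          # several permissions become a,b,c
        comm = "?"; fname = "?"; src = "?"; tgt = "?"; cls = "?"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") fname = val
            else if (key == "tclass") cls = val
            else if (key == "scontext") { split(val, c, ":"); src = c[3] }
            else if (key == "tcontext") { split(val, c, ":"); tgt = c[3] }
        }
        seen[src " " tgt ":" cls " " perms " name=" fname " comm=" comm]++
    }
    END { for (k in seen) printf "%d %s\n", seen[k], k }
    ' | LC_ALL=C sort
}

# Constructed sample input (not taken from the poster's audit.log).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1301426400.123:456): avc:  denied  { execute } for  pid=2345 comm="radiusd" name="otpverify.sh" dev=dm-0 ino=123456 scontext=root:system_r:radiusd_t:s0 tcontext=system_u:object_r:radiusd_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1301426400.123:456): arch=c000003e syscall=59 success=no exit=-13 comm="radiusd" exe="/usr/sbin/radiusd"
type=AVC msg=audit(1301426460.200:470): avc:  denied  { execute } for  pid=2361 comm="radiusd" name="otpverify.sh" dev=dm-0 ino=123456 scontext=root:system_r:radiusd_t:s0 tcontext=system_u:object_r:radiusd_etc_t:s0 tclass=file
type=AVC msg=audit(1301426460.201:471): avc:  denied  { execute_no_trans } for  pid=2361 comm="radiusd" name="otpverify.sh" dev=dm-0 ino=123456 scontext=root:system_r:radiusd_t:s0 tcontext=system_u:object_r:radiusd_etc_t:s0 tclass=file
EOF
}

sample_log | summarize_avc
```

On a live host the input would be `/var/log/audit/audit.log` or the output of `ausearch -m avc -ts recent`. The summary shows which source type, target label and permission a generated module would have to cover.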


Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread Alan Buxey
Hi,

> I've implemented mOTP as an external authentication program by
> defining it in radiusd.conf with a Program = "/etc/raddb/otpverify.sh"
> statement.
> As I said, it does indeed work properly, except, when I start the
> radiusd server up as a daemon via init.d
> 
> radiusd -X   - Works properly
> service radiusd start or /etc/init.d/radiusd start FAILS
> sh /etc/init.d/radiusd start Works
> 
> When it works properly, I get proper Accept Replies.  When it 'fails',
> it's due to not being able to execute the script and this is logged in
> radius.log
> Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
> Permission denied

it sounds like basics...but this error message is pretty straightforward...
what are the permissions on that file?  are you running e.g. SELinux?

alan


Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread John Dennis

On 03/29/2011 03:20 PM, Christopher Athans wrote:

> *sigh* it was indeed SELinux.  I thought it had it disabled.  Still
> not exactly sure why when I wrapped the init.d statement with a 'sh'
> it works, but nevertheless you solved my issue.  Thanks John.


The behavior is different because /sbin/service has special SELinux 
transition rules.


--
John Dennis 



Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread Christopher Athans
*sigh* it was indeed SELinux.  I thought it had it disabled.  Still
not exactly sure why when I wrapped the init.d statement with a 'sh'
it works, but nevertheless you solved my issue.  Thanks John.

On Tue, Mar 29, 2011 at 2:16 PM, John Dennis wrote:
> On 03/29/2011 03:09 PM, Christopher Athans wrote:
>>
>> Greetings all, I've been racking my brains out trying to solve/debug
>> the following issue, hopefully someone can provide a new perspective.
>>
>> I've implemented mOTP as an external authentication program by
>> defining it in radiusd.conf with a Program = "/etc/raddb/otpverify.sh"
>> statement.
>> As I said, it does indeed work properly, except, when I start the
>> radiusd server up as a daemon via init.d
>>
>> radiusd -X   - Works properly
>> service radiusd start or /etc/init.d/radiusd start FAILS
>> sh /etc/init.d/radiusd start Works
>>
>> When it works properly, I get proper Accept Replies.  When it 'fails',
>> it's due to not being able to execute the script and this is logged in
>> radius.log
>> Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
>> Permission denied
>>
>> In all the above scenarios, I was root when executing the statements.
>> I am *not* in a chroot jail, all the necessary directories are
>> read/write by user 'radiusd' which is what the process is running as.
>> I'm also using the init.d script that came with the CentOS package.
>>
>> My linux platform and freeradius information is as follows:
>>
>> CentOS 5.5 -  2.6.18-194.32.1.el5 #1 SMP  x86_64 GNU/Linux
>> running  FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu.
>>
>>
>> Thanks for any assistance with this.
>
> Is SELinux enabled?
>
> % getenforce
>
> If it's enforcing then set it to permissive mode
>
> % setenforce 0
>
> Now does it work? If so what were your recent AVC's in
> /var/log/audit/audit.log?
>
> Not the problem? Then verify the script can run as the radiusd user.
>
>
>
> --
> John Dennis 



Re: Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread John Dennis

On 03/29/2011 03:09 PM, Christopher Athans wrote:

> Greetings all, I've been racking my brains out trying to solve/debug
> the following issue, hopefully someone can provide a new perspective.
>
> I've implemented mOTP as an external authentication program by
> defining it in radiusd.conf with a Program = "/etc/raddb/otpverify.sh"
> statement.
> As I said, it does indeed work properly, except, when I start the
> radiusd server up as a daemon via init.d
>
> radiusd -X   - Works properly
> service radiusd start or /etc/init.d/radiusd start FAILS
> sh /etc/init.d/radiusd start Works
>
> When it works properly, I get proper Accept Replies.  When it 'fails',
> it's due to not being able to execute the script and this is logged in
> radius.log
> Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
> Permission denied
>
> In all the above scenarios, I was root when executing the statements.
> I am *not* in a chroot jail, all the necessary directories are
> read/write by user 'radiusd' which is what the process is running as.
> I'm also using the init.d script that came with the CentOS package.
>
> My linux platform and freeradius information is as follows:
>
> CentOS 5.5 -  2.6.18-194.32.1.el5 #1 SMP  x86_64 GNU/Linux
> running  FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu.
>
>
> Thanks for any assistance with this.


Is SELinux enabled?

% getenforce

If it's enforcing then set it to permissive mode

% setenforce 0

Now does it work? If so what were your recent AVC's in 
/var/log/audit/audit.log?


Not the problem? Then verify the script can run as the radiusd user.



--
John Dennis 



Error: Exec-Program: Permission Denied when running via service start

2011-03-29 Thread Christopher Athans
Greetings all, I've been racking my brains out trying to solve/debug
the following issue, hopefully someone can provide a new perspective.

I've implemented mOTP as an external authentication program by
defining it in radiusd.conf with a Program = "/etc/raddb/otpverify.sh"
statement.
As I said, it does indeed work properly, except, when I start the
radiusd server up as a daemon via init.d

radiusd -X   - Works properly
service radiusd start or /etc/init.d/radiusd start FAILS
sh /etc/init.d/radiusd start Works

When it works properly, I get proper Accept Replies.  When it 'fails',
it's due to not being able to execute the script and this is logged in
radius.log
Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
Permission denied

In all the above scenarios, I was root when executing the statements.
I am *not* in a chroot jail, all the necessary directories are
read/write by user 'radiusd' which is what the process is running as.
I'm also using the init.d script that came with the CentOS package.

My linux platform and freeradius information is as follows:

CentOS 5.5 -  2.6.18-194.32.1.el5 #1 SMP  x86_64 GNU/Linux
running  FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu.


Thanks for any assistance with this.