# -*- text -*- ###################################################################### # # Control socket interface. # # In the future, we will add username/password checking for # connections to the control socket. We will also add # command authorization, where the commands entered by the # administrator are run through a virtual server before # they are executed. # # For now, anyone who has permission to connect to the socket # has nearly complete control over the server. Be warned! # # This functionality is NOT enabled by default. # # See also the "radmin" program, which is used to communicate # with the server over the control socket. # # $Id: 97ba9ef972539af80dcaf84090b55d991095a93e $ # ###################################################################### listen { # # Listen on the control socket. # type = control # # Socket location. # # This file is created with the server's uid and gid. # It's permissions are r/w for that user and group, and # no permissions for "other" users. These permissions form # minimal security, and should not be relied on. # socket = ${run_dir}/${name}.sock # # Peercred auth # # By default the server users the peercred feature of unix # sockets to get the UID and GID of the user connecting to # the socket. You may choose to disable this functionality # and rely on the file system for enforcing permissions. # # On most Unix systems, the permissions set on the socket # are not enforced, but the ones on the directory containing # the socket are. # # To use filesystem permissions you should create a new # directory just to house the socket file, and set # appropriate permissions on that. # # peercred = no # socket = ${run_dir}/control/${name}.sock # # The following two parameters perform authentication and # authorization of connections to the control socket. # # If not set, then ANYONE can connect to the control socket, # and have complete control over the server. This is likely # not what you want. # # One, or both, of "uid" and "gid" should be set. If set, the # corresponding value is checked. Unauthorized users result # in an error message in the log file, and the connection is # closed. # # # Name of user that is allowed to connect to the control socket. # # uid = freerad # # Name of group that is allowed to connect to the control socket. # # gid = freerad # # Access mode. # # This can be used to give *some* administrators access to # monitor the system, but not to change it. # # ro = read only access (default) # rw = read/write access. # # mode = rw }