# user = radius
# group = radius
+ #
+ # After the server has changed to the final user/group, it
+ # can also set the current working directory. While not
+ # necessary, changing the working directory means that the
+ # server does not have any dangling paths.
+ #
+ # The directory here should either be "/", or ${confdir}
+ #
+# chdir = ${confdir}
+
+
#
# allow_core_dumps:: Core dumps are a bad thing.
#
*/
rad_suid_down_permanent();
+ /*
+ * Move the current working directory to a place where it
+ * can't hurt anything.
+ */
+ if (main_config->chdir_is_set) {
+ if (chdir(main_config->chdir) < 0) {
+ ERROR("Failed changing working to %s: %s", main_config->chdir, fr_syserror(errno));
+ EXIT_WITH_FAILURE;
+ }
+ }
+
DUMP_CAPABILITIES("post-suid-down");
/*
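Review bot: The new `chdir()` block runs only when `chdir_is_set` is true, and the config hunk ships the `chdir` line commented out, so by default the server stays in whatever directory it was started from; the comment "can't hurt anything" should say this is opt-in. The value is also passed to `chdir()` unchecked, so a relative path would resolve against the startup directory; consider rejecting it first with `if (main_config->chdir[0] != '/') { ERROR("chdir must be an absolute path, got %s", main_config->chdir); EXIT_WITH_FAILURE; }`. Because the call comes after `rad_suid_down_permanent()`, the target must be searchable by the final user, and if core dumps are enabled they would presumably be written there, which the comment should mention. The error text is missing a word and should read `"Failed changing working directory to %s: %s"`. The enclosing function starts and ends outside this hunk.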
{ FR_CONF_OFFSET_IS_SET("openssl_fips_mode", FR_TYPE_BOOL, 0, main_config_t, openssl_fips_mode), .dflt = "no" },
#endif
+ { FR_CONF_OFFSET_IS_SET("chdir", FR_TYPE_STRING, 0, main_config_t, chdir), },
+
CONF_PARSER_TERMINATOR
};
bool gid_is_set;
#endif
+ char const *chdir; //!< where to chdir() to when we start.
+ bool chdir_is_set;
+
#ifdef ENABLE_OPENSSL_VERSION_CHECK
char const *allow_vulnerable_openssl; //!< The CVE number of the last security issue acknowledged.
#endif
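Review bot: The doc comment on the new `chdir` member says "when we start", but the only visible use of the field is after `rad_suid_down_permanent()`, so the comment is misleading about which user's permissions apply. I would change it to `//!< Directory to chdir() to after privileges are permanently dropped.` and give the flag its own `//!< Whether chdir was set in the configuration.`. The struct definition starts and ends outside this hunk.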