# Ensure the daemon can still write its pidfile after it drops
# privileges. Combination of options that work on a variety of
# systems. Test very carefully if you alter these lines.
-RuntimeDirectory=freeradius
+RuntimeDirectory=freeradius freeradius/tmp
RuntimeDirectoryMode=0775
# This does not work on Debian Jessie:
User=freerad
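Review bot: `RuntimeDirectoryMode=0775` applies to every directory listed in `RuntimeDirectory=`, so the new `freeradius/tmp` is also created group-writable and world-readable. The comments added elsewhere in this commit suggest pointing `tmpdir` at this directory, which appears to hold the client certificate file while the verify command runs, so it should not be writable or listable by anyone other than the server user. systemd offers only one mode for all runtime directories of a unit, so either tighten the mode for both (if nothing depends on group write to the pidfile directory) or add a comment above the line, e.g. `# freeradius/tmp inherits RuntimeDirectoryMode; restrict it to the server user if tmpdir points here`. The same applies to `RuntimeDirectory=radiusd radiusd/tmp` in the radiusd unit further down.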
# You should also delete all of the files
# in the directory when the server starts.
#
+ # Note that, on Linux systems with systemd, the
+ # /tmp directory may be restricted. In this case
+ # it may be best to use `${run_dir}/tmp` here
+ # and create the temporary directory with the
+ # systemd `RuntimeDirectory` unit option.
+ #
# tmpdir = /tmp/radiusd
# The command used to verify the client cert.
#
# You should also delete all of the files
# in the directory when the server starts.
- # tmpdir = /tmp/radiusd
+ #
+ # Note that, on Linux systems with systemd, the
+ # /tmp directory may be restricted. In this case
+ # it may be best to use `${run_dir}/tmp` here
+ # and create the temporary directory with the
+ # systemd `RuntimeDirectory` unit option.
+ #
+ # tmpdir = /tmp/radiusd
# The command used to verify the client cert.
# We recommend using the OpenSSL command-line
# in PEM format. This file is automatically
# deleted by the server when the command
# returns.
- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+ # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
}
#
# a leak somewhere.
MemoryLimit=2G
-RuntimeDirectory=radiusd
+RuntimeDirectory=radiusd radiusd/tmp
RuntimeDirectoryMode=0775
User=radiusd
Group=radiusd