Package: freeradius Version: 3.0.17+dfsg-1.1 Hello.
We have a problem with freeradius init script after upgrade to up-to-date Deb10 with sysvinit. It is not possible to reload configuration or stop daemon. ps axf|grep radius 1838 ? Ssl 1:07 /usr/sbin/freeradius 24598 pts/0 S+ 0:00 \_ grep radius /etc/init.d/freeradius stop [ ok ] Stopping FreeRADIUS daemon: freeradius. ps axf|grep radius 1838 ? Ssl 1:07 /usr/sbin/freeradius 24688 pts/0 S+ 0:00 /etc/init.d/freeradius reload [ ok ] Checking FreeRADIUS daemon configuration...done (Configuration appears to be OK). [ ok ] FreeRADIUS daemon is running. [....] Reloading FreeRADIUS daemon: freeradiusstart-stop-daemon: matching only on non-root pidfile /var/run/freeradius/freeradius.pid is insecure failed! I fixed this by patch /etc/init.d/freeradius script (attached): /etc/init.d/freeradius reload [ ok ] Checking FreeRADIUS daemon configuration...done (Configuration appears to be OK). [ ok ] FreeRADIUS daemon is running. [ ok ] Reloading FreeRADIUS daemon: freeradius. /etc/init.d/freeradius stop [ ok ] Stopping FreeRADIUS daemon: freeradius. ps axf|grep radius 27235 pts/0 S+ 0:00 | \_ grep radius There is relevant information in dpkg manpage: Warning: using this match option with a world-writable pidfile or using it alone with a daemon that writes the pidfile as an unprivileged (non-root) user will be refused with an error (since version 1.19.3) as this is a security risk, because either any user can write to it, or if the daemon gets compromised, the contents of the pidfile cannot be trusted, and then a privileged runner (such as an init script executed as root) would end up acting on any system process. Using /dev/null is exempt from these checks. Regards, J.K.
65c65 < killproc -p "$PIDFILE" || ret=$? --- > start-stop-daemon --oknodo --stop --user freerad --pidfile $PIDFILE || ret=$? 82c82 < start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE || ret=$? --- > start-stop-daemon --stop --signal HUP --quiet --user freerad --pidfile $PIDFILE || ret=$?
