control-socket.erb 1.93 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# -*- text -*-
######################################################################
#
#	Control socket interface.
#
#	In the future, we will add username/password checking for
#	connections to the control socket.  We will also add
#	command authorization, where the commands entered by the
#	administrator are run through a virtual server before
#	they are executed.
#
#	For now, anyone who has permission to connect to the socket
#	has nearly complete control over the server.  Be warned!
#
#	This functionality is NOT enabled by default.
#
#	See also the "radmin" program, which is used to communicate
#	with the server over the control socket.
#
#	$Id$
#
######################################################################
listen {
	#
	#  Listen on the control socket.
	#
	type = control

	#
	#  Socket location.
	#
	#  This file is created with the server's uid and gid.
	#  It's permissions are r/w for that user and group, and
	#  no permissions for "other" users.  These permissions form
	#  minimal security, and should not be relied on.
	#
	socket = ${run_dir}/${name}.sock

	#
	#  The following two parameters perform authentication and
	#  authorization of connections to the control socket.
	#
	#  If not set, then ANYONE can connect to the control socket,	
	#  and have complete control over the server.  This is likely
	#  not what you want.
	#
	#  One, or both, of "uid" and "gid" should be set.  If set, the
	#  corresponding value is checked.  Unauthorized users result
	#  in an error message in the log file, and the connection is
	#  closed.
	#

	#
	#  Name of user that is allowed to connect to the control socket.
	#
56
	uid = <%= @fr_user %>
57
58
59
60

	#
	#  Name of group that is allowed to connect to the control socket.
	#
61
	gid = <%= @fr_group %>
62
63
64
65
66
67
68
69
70
71
72
73

	#
	#  Access mode.
	#
	#  This can be used to give *some* administrators access to
	#  monitor the system, but not to change it.
	#
	#	ro = read only access (default)
	#	rw = read/write access.
	#
	mode = rw
}