| 4 |
- |
1 |
# -*- text -*-
|
|
|
2 |
######################################################################
|
|
|
3 |
#
|
|
|
4 |
# Control socket interface.
|
|
|
5 |
#
|
|
|
6 |
# In the future, we will add username/password checking for
|
|
|
7 |
# connections to the control socket. We will also add
|
|
|
8 |
# command authorization, where the commands entered by the
|
|
|
9 |
# administrator are run through a virtual server before
|
|
|
10 |
# they are executed.
|
|
|
11 |
#
|
|
|
12 |
# For now, anyone who has permission to connect to the socket
|
|
|
13 |
# has nearly complete control over the server. Be warned!
|
|
|
14 |
#
|
|
|
15 |
# This functionality is NOT enabled by default.
|
|
|
16 |
#
|
|
|
17 |
# See also the "radmin" program, which is used to communicate
|
|
|
18 |
# with the server over the control socket.
|
|
|
19 |
#
|
| 34 |
- |
20 |
# $Id: 6a6f2b9428713083720b145d12c90b9747510ec1 $
|
| 4 |
- |
21 |
#
|
|
|
22 |
######################################################################
|
|
|
23 |
listen {
|
|
|
24 |
#
|
|
|
25 |
# Listen on the control socket.
|
|
|
26 |
#
|
|
|
27 |
type = control
|
|
|
28 |
|
|
|
29 |
#
|
|
|
30 |
# Socket location.
|
|
|
31 |
#
|
|
|
32 |
# This file is created with the server's uid and gid.
|
|
|
33 |
# It's permissions are r/w for that user and group, and
|
|
|
34 |
# no permissions for "other" users. These permissions form
|
|
|
35 |
# minimal security, and should not be relied on.
|
|
|
36 |
#
|
|
|
37 |
socket = ${run_dir}/${name}.sock
|
|
|
38 |
|
|
|
39 |
#
|
|
|
40 |
# The following two parameters perform authentication and
|
|
|
41 |
# authorization of connections to the control socket.
|
|
|
42 |
#
|
|
|
43 |
# If not set, then ANYONE can connect to the control socket,
|
|
|
44 |
# and have complete control over the server. This is likely
|
|
|
45 |
# not what you want.
|
|
|
46 |
#
|
|
|
47 |
# One, or both, of "uid" and "gid" should be set. If set, the
|
|
|
48 |
# corresponding value is checked. Unauthorized users result
|
|
|
49 |
# in an error message in the log file, and the connection is
|
|
|
50 |
# closed.
|
|
|
51 |
#
|
|
|
52 |
|
|
|
53 |
#
|
|
|
54 |
# Name of user that is allowed to connect to the control socket.
|
|
|
55 |
#
|
|
|
56 |
# uid = radius
|
|
|
57 |
|
|
|
58 |
#
|
|
|
59 |
# Name of group that is allowed to connect to the control socket.
|
|
|
60 |
#
|
|
|
61 |
# gid = radius
|
|
|
62 |
|
|
|
63 |
#
|
|
|
64 |
# Access mode.
|
|
|
65 |
#
|
|
|
66 |
# This can be used to give *some* administrators access to
|
|
|
67 |
# monitor the system, but not to change it.
|
|
|
68 |
#
|
|
|
69 |
# ro = read only access (default)
|
|
|
70 |
# rw = read/write access.
|
|
|
71 |
#
|
|
|
72 |
# mode = rw
|
|
|
73 |
}
|