| Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # -*- text -*- |
| 2 | ###################################################################### |
| 3 | # |
| 4 | # Control socket interface. |
| 5 | # |
| 6 | # In the future, we will add username/password checking for |
| 7 | # connections to the control socket. We will also add |
| 8 | # command authorization, where the commands entered by the |
| 9 | # administrator are run through a virtual server before |
| 10 | # they are executed. |
| 11 | # |
| 12 | # For now, anyone who has permission to connect to the socket |
| 13 | # has nearly complete control over the server. Be warned! |
| 14 | # |
| 15 | # This functionality is NOT enabled by default. |
| 16 | # |
| 17 | # See also the "radmin" program, which is used to communicate |
| 18 | # with the server over the control socket. |
| 19 | # |
| 20 | # $Id: 8d06082d3a8fba31bb1471aef19e28093cee4a9e $ |
| 21 | # |
| 22 | ###################################################################### |
| 23 | listen { |
| 24 | # |
| 25 | # Listen on the control socket. |
| 26 | # |
| 27 | type = control |
| 28 | |
| 29 | # |
| 30 | # Socket location. |
| 31 | # |
| 32 | # This file is created with the server's uid and gid. |
| 33 | # It's permissions are r/w for that user and group, and |
| 34 | # no permissions for "other" users. These permissions form |
| 35 | # minimal security, and should not be relied on. |
| 36 | # |
| 37 | socket = ${run_dir}/${name}.sock |
| 38 | |
| 39 | # |
| 40 | # The following two parameters perform authentication and |
| 41 | # authorization of connections to the control socket. |
| 42 | # |
| 43 | # If not set, then ANYONE can connect to the control socket, |
| 44 | # and have complete control over the server. This is likely |
| 45 | # not what you want. |
| 46 | # |
| 47 | # One, or both, of "uid" and "gid" should be set. If set, the |
| 48 | # corresponding value is checked. Unauthorized users result |
| 49 | # in an error message in the log file, and the connection is |
| 50 | # closed. |
| 51 | # |
| 52 | |
| 53 | # |
| 54 | # Name of user that is allowed to connect to the control socket. |
| 55 | # |
| 56 | # uid = radius |
| 57 | |
| 58 | # |
| 59 | # Name of group that is allowed to connect to the control socket. |
| 60 | # |
| 61 | # gid = radius |
| 62 | |
| 63 | # |
| 64 | # Access mode. |
| 65 | # |
| 66 | # This can be used to give *some* administrators access to |
| 67 | # monitor the system, but not to change it. |
| 68 | # |
| 69 | # ro = read only access (default) |
| 70 | # rw = read/write access. |
| 71 | # |
| 72 | # mode = rw |
| 73 | } |