74 lines
2.0 KiB
Plaintext
74 lines
2.0 KiB
Plaintext
# -*- text -*-
|
|
######################################################################
|
|
#
|
|
# Control socket interface.
|
|
#
|
|
# In the future, we will add username/password checking for
|
|
# connections to the control socket. We will also add
|
|
# command authorization, where the commands entered by the
|
|
# administrator are run through a virtual server before
|
|
# they are executed.
|
|
#
|
|
# For now, anyone who has permission to connect to the socket
|
|
# has nearly complete control over the server. Be warned!
|
|
#
|
|
# This functionality is NOT enabled by default.
|
|
#
|
|
# See also the "radmin" program, which is used to communicate
|
|
# with the server over the control socket.
|
|
#
|
|
# $Id: 6a6f2b9428713083720b145d12c90b9747510ec1 $
|
|
#
|
|
######################################################################
|
|
listen {
|
|
#
|
|
# Listen on the control socket.
|
|
#
|
|
type = control
|
|
|
|
#
|
|
# Socket location.
|
|
#
|
|
# This file is created with the server's uid and gid.
|
|
# It's permissions are r/w for that user and group, and
|
|
# no permissions for "other" users. These permissions form
|
|
# minimal security, and should not be relied on.
|
|
#
|
|
socket = ${run_dir}/${name}.sock
|
|
|
|
#
|
|
# The following two parameters perform authentication and
|
|
# authorization of connections to the control socket.
|
|
#
|
|
# If not set, then ANYONE can connect to the control socket,
|
|
# and have complete control over the server. This is likely
|
|
# not what you want.
|
|
#
|
|
# One, or both, of "uid" and "gid" should be set. If set, the
|
|
# corresponding value is checked. Unauthorized users result
|
|
# in an error message in the log file, and the connection is
|
|
# closed.
|
|
#
|
|
|
|
#
|
|
# Name of user that is allowed to connect to the control socket.
|
|
#
|
|
# uid = radius
|
|
|
|
#
|
|
# Name of group that is allowed to connect to the control socket.
|
|
#
|
|
# gid = radius
|
|
|
|
#
|
|
# Access mode.
|
|
#
|
|
# This can be used to give *some* administrators access to
|
|
# monitor the system, but not to change it.
|
|
#
|
|
# ro = read only access (default)
|
|
# rw = read/write access.
|
|
#
|
|
# mode = rw
|
|
}
|