From 9a502883369ac2d353e09468aa6d0ac71c5b73a2 Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gentoo.org>
Date: Wed, 23 Nov 2016 10:19:55 -0800
Subject: net-dialup/freeradius: Run service as radius user by default.

Bug: https://bugs.gentoo.org/465768
---
 net-dialup/freeradius/files/radius.conf-r4        | 16 ++++++++++++++++
 net-dialup/freeradius/freeradius-3.0.12-r1.ebuild |  6 +++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 net-dialup/freeradius/files/radius.conf-r4

(limited to 'net-dialup')

diff --git a/net-dialup/freeradius/files/radius.conf-r4 b/net-dialup/freeradius/files/radius.conf-r4
new file mode 100644
index 000000000000..a5760d29f7b9
--- /dev/null
+++ b/net-dialup/freeradius/files/radius.conf-r4
@@ -0,0 +1,16 @@
+# Config file for /etc/init.d/radiusd
+
+# see man pages for radiusd run `radiusd -h`
+# for valid cmdline options
+#RADIUSD_OPTS=""
+
+# Change this value if you change it in /etc/raddb/radiusd.conf
+pidfile=/var/run/radiusd/radiusd.pid
+
+# Change these values if you change them in /etc/raddb/radiusd.conf
+RADIUSD_USER=radius
+RADIUSD_GROUP=radius
+
+# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
+# to uncomment the following line.
+#rc_use="logger"
diff --git a/net-dialup/freeradius/freeradius-3.0.12-r1.ebuild b/net-dialup/freeradius/freeradius-3.0.12-r1.ebuild
index 48c72ca85f42..f69459b72293 100644
--- a/net-dialup/freeradius/freeradius-3.0.12-r1.ebuild
+++ b/net-dialup/freeradius/freeradius-3.0.12-r1.ebuild
@@ -98,6 +98,8 @@ src_prepare() {
 	}
 
 	sed -i \
+		-e 's:^#\tuser = :\tuser = :g' \
+		-e 's:^#\tgroup = :\tgroup = :g' \
 		-e 's:/var/run/radiusd:/run/radiusd:g' \
 		-e '/^run_dir/s:${localstatedir}::g' \
 		raddb/radiusd.conf.in || die
@@ -196,7 +198,7 @@ src_install() {
 	rm "${D}/usr/sbin/rc.radiusd" || die
 
 	newinitd "${FILESDIR}/radius.init-r3" radiusd
-	newconfd "${FILESDIR}/radius.conf-r3" radiusd
+	newconfd "${FILESDIR}/radius.conf-r4" radiusd
 
 	prune_libtool_files
 }
@@ -205,6 +207,8 @@ pkg_config() {
 	if use ssl; then
 		cd "${ROOT}"/etc/raddb/certs
 		./bootstrap
+
+		chown -R root:radius "${ROOT}"/etc/raddb/certs
 	fi
 }
 
-- 
cgit v1.2.3-65-gdbad