[tac_plus] Re: Possible Bug in tacacs+-F4.0.4.10

john heasley heas at shrubbery.net
Fri Dec 1 22:44:24 UTC 2006


Fri, Dec 01, 2006 at 03:22:38PM -0700, Vermilion, Lance:
> John,
> 
> You are a life saver. Thank you. I didn't think to look at that. That
> fixed me. Is there a way to add a check like that in the code? Make sure
> the user has perms to that file and if not error on it?

You should have seen two log messages in your syslog; like this:

    if ((cf = fopen(cfile, "r")) == NULL) {
        report(LOG_ERR, "read_config: fopen() error for file %s %s, exiting",
               cfile, strerror(errno));
        return(1);
    }

and another "failure" msg from the signal handler (which technically is
not async safe, but ...).

Or do you mean checking the access during initial configuration parsing?

I suppose that the daemon really does not need to exit if it can't read
the config, but that seems the path of least surprise ["hey, why is that
user still active" - some months after it was removed].
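
An added example, not part of the original message and not tac_plus source: one way to keep the reload path async-signal-safe while still logging an unreadable config file and failing closed. The names `reload_pending`, `on_sighup`, `install_reload_handler`, `check_config_readable` and `service_reload` are hypothetical, and the use of SIGHUP as the reload trigger is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

static volatile sig_atomic_t reload_pending = 0;

/* Handler only sets a flag: no stdio, syslog or malloc in signal context. */
static void on_sighup(int signo)
{
    (void)signo;
    reload_pending = 1;
}

int install_reload_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGHUP, &sa, NULL);
}

/* Hypothetical helper: 0 if cfile opens for reading, else the errno value. */
int check_config_readable(const char *cfile)
{
    FILE *cf = fopen(cfile, "r");
    if (cf == NULL) {
        int err = errno;  /* save before syslog() can change it */
        syslog(LOG_ERR, "read_config: fopen() error for file %s %s",
               cfile, strerror(err));
        return err;
    }
    fclose(cf);
    return 0;
}

/* Main-loop side. Returns 0 if idle or readable, 1 if the caller should exit. */
int service_reload(const char *cfile)
{
    if (!reload_pending)
        return 0;
    reload_pending = 0;
    if (check_config_readable(cfile) != 0)
        return 1;  /* fail closed rather than serve a stale config */
    return 0;      /* the real parse would happen here */
}
```

The main loop calls `service_reload()` once per iteration, so all logging happens outside the handler.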


