summaryrefslogtreecommitdiff
blob: 04223657d5f5a50b23a8814ee20dfcc9eb0b73db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
diff --git a/debian/freeradius.service b/debian/freeradius.service
index 378702d184..ee33c2a294 100644
--- a/debian/freeradius.service
+++ b/debian/freeradius.service
@@ -7,7 +7,6 @@ Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ htt
 Type=notify
 WatchdogSec=60
 NotifyAccess=all
-EnvironmentFile=-/etc/default/freeradius
 
 # FreeRADIUS can do static evaluation of policy language rules based
 # on environmental variables which is very useful for doing per-host
@@ -25,16 +24,15 @@ MemoryLimit=2G
 # Ensure the daemon can still write its pidfile after it drops
 # privileges. Combination of options that work on a variety of
 # systems. Test very carefully if you alter these lines.
-RuntimeDirectory=freeradius
+RuntimeDirectory=radiusd
 RuntimeDirectoryMode=0775
 # This does not work on Debian Jessie:
-User=freerad
-Group=freerad
-# This does not work on Ubuntu Bionic:
-ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius
+User=radius
+Group=radius
 
-ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
-ExecStart=/usr/sbin/freeradius -f $FREERADIUS_OPTIONS
+ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTIONS -Cx -lstdout
+ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 RestartSec=5
 
@@ -42,7 +40,7 @@ RestartSec=5
 NoNewPrivileges=true
 
 # Allow binding to secure ports, broadcast addresses, and raw interfaces.
-#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
 
 # Private /tmp that isn't shared by other processes
 PrivateTmp=true
@@ -60,10 +58,10 @@ ProtectKernelTunables=true
 SystemCallArchitectures=native
 
 # We shouldn't be writing to the configuration directory
-ReadOnlyDirectories=/etc/freeradius/
+ReadOnlyDirectories=/etc/raddb/
 
 # We can read and write to the log directory.
-ReadWriteDirectories=/var/log/freeradius/
+ReadWriteDirectories=/var/log/radius/
 
 [Install]
 WantedBy=multi-user.target