supervise-radiusd.txt   [plain text]

Supervising the Radiusd Daemon


    We all hope that our radius daemons won't die in the middle of the
    nite stranding customer and beeping beepers.  But, alas, it's going
    to happen, and when you least expect it.  That's why you want a 
    another process watching your radius daemon, restarting it if and
    when it dies.

    This text describes how to setup both the free radius daemon so that
    it is automatically restarted upon death.  To do this, we'll use
    either Dan Bernstein's 'daemontools' package or the inittab file.

    Note: The radwatch script that used to be part of this distribution,
    is depreciated and SHOULD NOT BE USED.


    First, download (and install) daemontools from:

    The latest version as of this writing is 0.70.  It would be well
    worth your while to read all the documentation at that site too,
    as you can do much more with daemontools than I describe here.

    Next, we'll need a directory for the radius 'service' to use with 
    daemontools.  I usually create a dir '/var/svc' to hold all my
    daemontool supervised services.  Ie:

    # mkdir /var/svc
    # mkdir /var/svc/radiusd

    Now we just need a short shell script called 'run' in our new
    service directory that will start our daemon.  The following should
    get you started:

    exec /usr/local/sbin/radiusd -s -f 

    Of course you'll want to make that 'run' file executable:

    # chmod +x /var/svc/radiusd/run

    Note, you *MUST* use the '-f' option when supervising.  That option
    tells radiusd not to detach from the tty when starting.  If you don't
    use that option, the daemontools will always think that radiusd has
    just died and will (try to) restart it.  Not good.

    Now the only left to do is to start the 'supervise' command that
    came with daemontools.  Do that like so:

    # supervise /var/svc/radiusd


    Any maintenance you need to do with almost certainly be done with the
    'svc' program in the deamontools package.  Ie:

    Shutdown radiusd:
    # svc -d /var/svc/radiusd

    Start it back up:
    # svc -u /var/svc/radiusd

    Send HUP to radiusd:
    # svc -h /var/svc/radiusd 

    Shutdown and stop supervising radiusd:
    # svc -dx /var/svc/radiusd


    This is really pretty easy, but it is system dependent.  I strongly
    suggest you read the man pages for your 'init' before playing with 
    this.  You can seriously hose your system if you screw up your
    Add this line (or something similar to it) to your inittab:

    fr:23:respawn:/usr/local/sbin/radiusd -f -s &> /dev/null

    Now all that's left is to have the system reread the inittab.  Usually
    that's done with one of the following:

    # telinit Q
    # init q

    Now you should see a 'radiusd' process when you issue a 'ps'.  If you
    don't, try to run the radiusd command you put in inittab manually.
    If it works, that means you didn't tell the system to reread inittab
    properly.  If it doesn't work, that means your radius start command
    is bad and you need to fix it.

    Document author:  Jeff Carneal
    daemontools auther:  Dan Bernstein
    Further daemontool notes (below):  Antonio Dias
    Radwatch note: Andrey Melnikov


    Here are some notes by Antonia Dias sent to the free radius mailing list.
    Some of you may find this useful after reading the above and the docs for

    daemontools instructions
    I am running radiusd under supervise from daemontools without problems.
    The only thing I am missing right now is an option to force radiusd to
    send log to stderr so I can manage logs better with multilog (also
    included in daemontools package). Here is the procedure I've been
    following (for Cistron RADIUS):
        root@storm:~> groupadd log
        root@storm:~> useradd -g log log
        root@storm:~> mkdir /etc/radiusd
        root@storm:~> mkdir /etc/radiusd/log
        root@storm:~> mkdir /etc/radiusd/log/main
        root@storm:~> chmod +t+s /etc/radiusd /etc/radiusd/log
        root@storm:~> chown log.log /etc/radiusd/log/main
    Here are the contents of run files from /etc/radiusd and /etc/radiusd/log
        root@storm:~> cd /etc/radiusd
        root@storm:/etc/radiusd> cat run
        exec 2>&1
        exec /usr/sbin/radiusd -fyzx
        root@storm:/etc/radiusd> cd /etc/radiusd/log
        root@storm:/etc/radiusd/log> cat run
        exec setuidgid log multilog t ./main
    To make service wake-up do:
        root@storm:~> ln -sf /etc/radiusd /service
    Hang-up (to reload config) it using:
        root@storm:~> svc -h /service/radiusd
    Disable (down) it using:
        root@storm:~> svc -d /service/radiusd
    Reenable (up) it using:
        root@storm:~> svc -u /service/radiusd
    Antonio Dias