[freeside] Billing and other questions

ivan ivan at 420.am
Mon Jun 5 23:38:45 PDT 2000 

On Tue, Jun 06, 2000 at 06:28:10PM +1200, Gordon Smith wrote:
> Thanks Ivan. This setup is an interim measure, since they are a small
> ISP with no money  :-)
> 
> I'll have a look at the perl stuff - I'm still learning perl at the
> moment... 
> 
> I do have another suggestion, that you probably won't agree with.

Hehe, yep, you're right.

> Thats having the option of running freeside as the nobody user, rather
> than using wrappers for the CGI scripts.

Nope.  This would, in effect, mean that the nobody user would have full
access to your customer database, and (if exporting is setup) root access
to other machines.  Since the nobody user is the default for "unsafe" 
daemons etc., this is a really bad idea (despite the fact that your
Freeside machine should be secured). 

> If used with ssl and .htaccess,

Umm, you should be using SSL and .htaccess (or one of the database
equivalents) *regardless*.

> it would still be quite secure. The problem with suexec is that the CGI
> scripts must reside in the root web, not in sub-folders, although this
> can be changed by hacking the source for suexec.

Umm, I don't understand your terminology here.  What's a `root web'? 
What's a `sub-folder'?  If I read them as `DocumentRoot' and
`subdirectory' your statment is false, and if you are hacking suEXEC
you're likely to break any security you've gained by using it.  See the
warnings at <http://www.apache.org/docs/suexec.html>.

suEXEC is a sub-optimal solution in the long run, anyway.  Like setuid
execution, it's only supported because of the problems people have getting
mod_perl running. 

> 
> Cheers,
> Gordon
> 
> 
> ivan wrote:
> > 
> > On Mon, Jun 05, 2000 at 12:35:04PM +1200, Gordon Smith wrote:
> > > Hi,
> > >
> > > Could anyone share some pointers for doing time-based billing? I'm
> > > setting up a server for a small ISP. They want to run both Freeside and
> > > Radius on the same box.
> > 
> > I advise against doing this.  Your Freeside machine should be behind a
> > firewall and inaccessable from outside, except for the employees who will
> > be using it.
> > 
> > Your RADIUS server, OTOH, needs to accept connections from your terminal
> > servers and is not typically behind a firewall.
> > 
> > The current CVS version of Freeside includes support for maintaining an
> > ICRADIUS `radcheck' database, and copying that database to any number of
> > external servers.  I'll try to roll up a release soon.
> > 
> > > I've got ICRADIUS set up on there - should I be
> > > looking at changing the source to use the freeside database, rather than
> > > the radius database?
> > >
> > > They also do a mix of plans, most of which involve a set fee per month
> > > plus an additional charge for time e.g. 50hrs per month, plus an
> > > additional charge of 0.50c per hour if the user exceeds this time.
> > >
> > > I've searched the archives, and found some references saying it can be
> > > done - but how? :-)
> > 
> > All prices are perl expressions, evaluated using the Safe module (see
> > `perldoc Safe').  The $cust_pkg variable being billed is shared with the
> > expresison when it is being evaluated.
> > 
> > --
> > meow
> > _ivan

-- 
meow
_ivan

More information about the freeside-users mailing list