You could, as an account with sudo privs (administrator), from Terminal, type: sudo chown nobody /opt/local/etc/raddb/certs/server.pem or sudo chown -R nobody /opt/local/etc/raddb to change the ownership of that entire directory to nobody. HOWEVER: Nobody is not a secure system account. I would set up a new account for freeradius and have the server run under that, and set permissions on those files/folders for only that user. Letting the nobody user read those files might not be a good idea. -Josiah Info wrote:
Good afternoon,
When setting user/group to "nobody" in radiusd.conf, I get some permissions problems with loading the certs and just wanted to know how to properly set them to avoid this:
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied rlm_eap_tls: Error reading certificate file /opt/local/etc/raddb/certs/server.pem rlm_eap: Failed to initialize type tls
Thanks for answering the, no doubt, simplest of questions !
Jim
P.S: The above output is from testing with radiusd -X
___________________________________________________ James H. Graham II, Creative Director • *Spark Media Group* 6511 Allegheny Avenue • Takoma Park, MD 20912-4737 Tel: 301.270.4810 • Fax: 301.270.4812 • www.sparkmediagroup.com <http://www.sparkmediagroup.com>
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Wm. Josiah Erikson Computing Support School of Cognitive Science Hampshire College Amherst, MA 01002 (413) 559-6091