Re: newbie on radiustesting, Buxey and Hood
By the way: What would be the difference having the proposal of Andrew Hood performed: find /etc/raddb/ -type d -exec chmod ug+x {} \; compared to the proposal of Alan Buxey: chmod -R ugo+x /etc/raddb/certs I am not so familiar with the /-type d/ part of the find command Would the result be the same? ..................................................
----- Original Message ----- From: "Andrew Hood" <freeradius@andyhood.net> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Subject: Re: newbie on radiustesting Date: Thu, 17 Apr 2008 13:34:08 +1000
Si St wrote:
linux:/etc/raddb/certs # l insgesamt 53 drw-r----- 3 root radiusd 472 2008-03-31 22:53 ./ drwxr-xr-x 5 root root 728 2008-04-16 20:40 ../ -rw-r----- 1 root radiusd 721 2005-09-13 04:15 cert-clt.der -rw-r----- 1 root radiusd 1741 2005-09-13 04:15 cert-clt.p12 -rw-r----- 1 root radiusd 2452 2005-09-13 04:15 cert-clt.pem -rw-r----- 1 root radiusd 717 2005-09-13 04:15 cert-srv.der -rw-r----- 1 root radiusd 1733 2005-09-13 04:15 cert-srv.p12 -rw-r----- 1 root radiusd 2439 2005-09-13 04:15 cert-srv.pem drw-r----- 2 root radiusd 200 2008-03-31 22:53 demoCA/ -rw-r----- 1 root radiusd 0 2005-09-13 04:15 dh -rw-r----- 1 root radiusd 2913 2005-09-13 04:15 newcert.pem -rw-r----- 1 root radiusd 1753 2005-09-13 04:15 newreq.pem -rw-r----- 1 root radiusd 1024 2005-09-13 04:15 random -rw-r----- 1 root radiusd 431 2005-09-13 04:15 README -rw-r----- 1 root radiusd 954 2005-09-13 04:15 root.der -rw-r----- 1 root radiusd 1973 2005-09-13 04:15 root.p12 -rw-r----- 1 root radiusd 2764 2005-09-13 04:15 root.pem
linux:/etc/raddb/certs/demoCA # l insgesamt 21 drw-r----- 2 root radiusd 200 2008-03-31 22:53 ./ drw-r----- 3 root radiusd 472 2008-03-31 22:53 ../ -rw-r----- 1 root radiusd 1346 2005-09-13 04:15 cacert.pem -rw-r----- 1 root radiusd 276 2005-09-13 04:15 index.txt -rw-r----- 1 root radiusd 140 2005-09-13 04:15 index.txt.old -rw-r----- 1 root radiusd 3 2005-09-13 04:15 serial -rw-r----- 1 root radiusd 3 2005-09-13 04:15 serial.old
Bad directory perms?
umask 022 find /etc/raddb/ -type d -exec chmod ug+x {} \;
-- REALITY.SYS not found: Universe halted. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 9 at http://www.opera.com Powered by Outblaze
Hi,
By the way: What would be the difference having the proposal of Andrew Hood performed:
find /etc/raddb/ -type d -exec chmod ug+x {} \;
compared to the proposal of Alan Buxey:
chmod -R ugo+x /etc/raddb/certs
I am not so familiar with the /-type d/ part of the find command Would the result be the same?
mu suggestion would have made all files in certs directory executable by others. maybe too much. but it works! :-) alan
A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
By the way: What would be the difference having the proposal of Andrew Hood performed:
find /etc/raddb/ -type d -exec chmod ug+x {} \;
compared to the proposal of Alan Buxey:
chmod -R ugo+x /etc/raddb/certs
I am not so familiar with the /-type d/ part of the find command Would the result be the same?
mu suggestion would have made all files in certs directory executable by others. maybe too much. but it works! :-)
Which is exactly why I suggested what I did. Directories need the x attribute to permit them to be searched. Files only need the x attribute so they can be executed. Since you said the files and directories all had group radiusd, and the user was a member of that group, setting ug+x on directories is enough. There should be no need for anyone outside group radiusd to be able to search those directories. It would probably make sense to also: chgrp -R radiusd /etc/raddb/ find /etc/raddb/ -type d -exec chmod g+s {} \; So all the existing objects would have group radiusd, and any new ones will get group radiusd. -- REALITY.SYS not found: Universe halted.
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Andrew Hood -
Si St