Bugs installing 2.0pre1
Alan DeKok
aland at deployingradius.com
Sat Aug 18 15:35:24 CEST 2007
Humberto Diogenes wrote:
> Starting FreeRADIUS daemon: (failed! run '/usr/sbin/freeradius -x'
> to find out why.)
I just fixed that.
> # No exec permission
> Exec-Program output: Exec-Program: FAILED to execute /etc/freeradius/
> certs/bootstrap: Permission denied
You installed the server as root, and are not running it as root.
That is wrong. The permissions are set to be secure, so that no one
else can read the private configuration files.
> unable to write 'random state'
> writing new private key to 'ca.key'
>
> # Fixing it:
> chmod g+w certs
No. The RADIUS server should NOT have permission to write to its
configuration files. This is for security.
> # After that, wrong permissions for new files:
> root@caju-test:/etc/freeradius/certs# ls -la
> total 54
> drwxr-s--x 2 root freerad 1024 2007-08-18 02:37 .
> drwxr-s--x 4 root freerad 1024 2007-08-18 02:33 ..
> -rw-r--r-- 1 freerad freerad 4210 2007-08-18 02:36 01.pem
While those permissions *look* insecure, they're not. The permissions
for '.', above, ensure that unwanted people can't access the files.
> # Fixing permissions:
> root@caju-test:/etc/freeradius/certs# chown root *
> root@caju-test:/etc/freeradius/certs# chmod o= *
And the server SHOULD be run as "root" the first time to generate the
certificates. You should then fix the permissions to match your local
policy.
Alan DeKok.
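
The permission layout from the quoted listing, as an added example that is not part of the original message: it evaluates the classic owner/group/other mode bits for the daemon account and for an unrelated local account, before and after the quoted `chown root *` / `chmod o= *`. The account `alice`, its group, and the post-fix mode string are constructed assumptions; root, ACLs and other access mechanisms are not modelled.

```python
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "mode owner group")
User = namedtuple("User", "name groups")
R, W, X = 4, 2, 1

_MASKS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
          stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
          stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]

def parse_mode(text):
    """Turn an ls-style string such as 'drwxr-s--x' into rwx permission bits."""
    bits = 0
    for mask, ch in zip(_MASKS, text[1:10]):
        if ch in "rwxst":  # lowercase s/t means special bit plus execute
            bits |= mask
    return bits

def allowed(user, entry, want):
    """Unix rule: exactly one triad applies (owner, else group, else other)."""
    if user.name == entry.owner:
        shift = 6
    elif entry.group in user.groups:
        shift = 3
    else:
        shift = 0
    return bool((entry.mode >> shift) & want)

def audit(user, directory, file):
    """What the user can do to one file inside one directory."""
    search = allowed(user, directory, X)  # needed to reach any name inside
    return {
        "list_dir": allowed(user, directory, R),
        "create_in_dir": search and allowed(user, directory, W),
        "read_file_by_name": search and allowed(user, file, R),
        "write_file": search and allowed(user, file, W),
    }

# Modes and owners of '.' and 01.pem as shown in the quoted `ls -la`.
CERTS_DIR = Entry(parse_mode("drwxr-s--x"), "root", "freerad")
PEM_LISTED = Entry(parse_mode("-rw-r--r--"), "freerad", "freerad")
# 01.pem after the quoted `chown root *` and `chmod o= *` (derived, constructed).
PEM_FIXED = Entry(parse_mode("-rw-r-----"), "root", "freerad")
DAEMON = User("freerad", {"freerad"})
LOCAL = User("alice", {"users"})  # constructed unrelated local account

if __name__ == "__main__":
    for pem in (PEM_LISTED, PEM_FIXED):
        for user in (DAEMON, LOCAL):
            print(user.name, pem.owner, audit(user, CERTS_DIR, pem))
```
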