Bugs installing 2.0pre1

Alan DeKok aland at deployingradius.com
Sat Aug 18 15:35:24 CEST 2007

Humberto Diogenes wrote:
> Starting FreeRADIUS daemon: (failed!  run '/usr/sbin/freeradius -x'  
> to find out why.)

  I just fixed that.

> # No exec permission
> Exec-Program output: Exec-Program: FAILED to execute /etc/freeradius/ 
> certs/bootstrap: Permission denied

  You installed the server as root, and are not running it as root.
That is wrong.  The permissions are set to be secure, so that no one
else can read the private configuration files.

> unable to write 'random state'
> writing new private key to 'ca.key'
> # Fixing it:
> chmod g+w certs

  No.  The RADIUS server should NOT have permission to write to its
configuration files.  This is for security.

> # After that, wrong permissions for new files:
> root at caju-test:/etc/freeradius/certs# ls -la
> total 54
> drwxr-s--x  2 root    freerad 1024 2007-08-18 02:37 .
> drwxr-s--x  4 root    freerad 1024 2007-08-18 02:33 ..
> -rw-r--r--  1 freerad freerad 4210 2007-08-18 02:36 01.pem

  While those permissions *look* insecure, they're not.  The permissions
for '.', above, ensure that unwanted people can't access the files.

> # Fixing permissions:
> root at caju-test:/etc/freeradius/certs# chown root *
> root at caju-test:/etc/freeradius/certs# chmod o= *

  And the server SHOULD be run as "root" the first time to generate the
certificates.  You should then fix the permissions to match your local

  Alan DeKok.

More information about the Freeradius-Devel mailing list