Bugs installing 2.0pre1
Nicolas Baradakis
nbk at sitadelle.com
Sun Aug 19 14:33:05 CEST 2007
Alan DeKok wrote:
> And the server SHOULD be run as "root" the first time to generate the
> certificates. You should then fix the permissions to match your local
> policy.
The Debian policy is to run FreeRADIUS as non-root user. I'm going to
fix the Debian post-install script (which runs as root) to create the
default certificates for a new install.
BTW I noticed that "bootstrap" creates by default world-readable
certificates. Perhaps the following patch may be useful:
Index: raddb/certs/bootstrap
===================================================================
RCS file: /source/radiusd/raddb/certs/bootstrap,v
retrieving revision 1.2
diff -u -r1.2 bootstrap
--- raddb/certs/bootstrap 18 Aug 2007 13:34:31 -0000 1.2
+++ raddb/certs/bootstrap 19 Aug 2007 12:20:56 -0000
@@ -10,5 +10,6 @@
#
# $Id: bootstrap,v 1.2 2007/08/18 13:34:31 aland Exp $
#
+umask 027
cd `dirname $0`
make ca server dh random
--
Nicolas Baradakis
More information about the Freeradius-Devel
mailing list