Starting radius issue - configuration files globaly readable.
Peter Nixon
listuser at peternixon.net
Fri Feb 9 09:07:50 CET 2007
On Thu 08 Feb 2007 13:58, Alan DeKok wrote:
> tzieleniewski wrote:
> > Hi!
> >
> > I have just compiled the latest CVS and whenever I try to start radius I
> > get the following info: Configuration file
> > /home/radius/freeradius/raddb/radiusd.conf is globally readable.
> >
> > This is because I use the symbolic links to files. Can this restriction
> > be somehow removed??
>
> Edit the source code.
>
> I will likely be updating the checks to be a little smarter than what
> they are right now. But having the config files globally readable means
> that anyone can pretend to be the RADIUS server.
I have to say that this caught me out also when I upgraded one of my radius
servers yesterday. My spec files had radiusd.conf as world readable, but
clients.conf and sql.conf etc (everything with passwords in them) as only
radiusd group readable.
Next time you make a change like this can you give a heads up to
packagers? :-)
It still might be worth notifying the debian guys etc...
Cheers
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070209/eddd9f4b/attachment.pgp>
More information about the Freeradius-Users
mailing list