Starting radius issue - configuration files globaly readable.
Peter Nixon
listuser at peternixon.net
Fri Feb 9 20:24:04 CET 2007
On Fri 09 Feb 2007 12:25, Alan DeKok wrote:
> Peter Nixon wrote:
> > I have to say that this caught me out also when I upgraded one of my
> > radius servers yesterday. My spec files had radiusd.conf as world
> > readable, but clients.conf and sql.conf etc (everything with passwords
> > in them) as only radiusd group readable.
> >
> > Next time you make a change like this can you give a heads up to
> > packagers? :-)
>
> OK. In somewhat of a defense, there's no official release based on
> that code yet.
>
> I'm going to update the checks to make them a little less restrictive.
> ${raddb} should be o-rwx. Any files within ${raddb} can have any
> permission they want.
>
> Sound OK?
0750 for the dirs and 0640 for the files is a pretty reasonable set of
permissions in my opinion...
Cheers
--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070209/27e28233/attachment.pgp>
More information about the Freeradius-Users
mailing list