Starting radius issue - configuration files globaly readable.

Peter Nixon listuser at peternixon.net
Fri Feb 9 20:24:04 CET 2007


On Fri 09 Feb 2007 12:25, Alan DeKok wrote:
> Peter Nixon wrote:
> > I have to say that this caught me out also when I upgraded one of my
> > radius servers yesterday. My spec files had radiusd.conf as world
> > readable, but clients.conf and sql.conf etc (everything with passwords
> > in them) as only radiusd group readable.
> >
> > Next time you make a change like this can you give a heads up to
> > packagers? :-)
>
>   OK.  In somewhat of a defense, there's no official release based on
> that code yet.
>
>   I'm going to update the checks to make them a little less restrictive.
>  ${raddb} should be o-rwx.  Any files within ${raddb} can have any
> permission they want.
>
>   Sound OK?

0750 for the dirs and 0640 for the files is a pretty reasonable set of 
permissions in my opinion...

Cheers
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070209/27e28233/attachment.pgp>


More information about the Freeradius-Users mailing list