newbie on radiustesting, Buxey and Hood
Andrew Hood
freeradius at andyhood.net
Fri Apr 18 03:40:18 CEST 2008
A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>>By the way:
>>What would be the difference having the proposal of Andrew Hood performed:
>>
>>find /etc/raddb/ -type d -exec chmod ug+x {} \;
>>
>>compared to the proposal of Alan Buxey:
>>
>>chmod -R ugo+x /etc/raddb/certs
>>
>>I am not so familiar with the /-type d/ part of the find command
>>Would the result be the same?
>
>
> mu suggestion would have made all files in certs directory
> executable by others. maybe too much. but it works! :-)
Which is exactly why I suggested what I did. Directories need the x
attribute to permit them to be searched. Files only need the x attribute
so they can be executed.
Since you said the files and directories all had group radiusd, and the
user was a member of that group, setting ug+x on directories is enough.
There should be no need for anyone outside group radiusd to be able to
search those directories.
It would probably make sense to also:
chgrp -R radiusd /etc/raddb/
find /etc/raddb/ -type d -exec chmod g+s {} \;
So all the existing objects would have group radiusd, and any new ones
will get group radiusd.
--
REALITY.SYS not found: Universe halted.
More information about the Freeradius-Users
mailing list