Setting radiusd user/cert permissions in Mac OSX
Wm. Josiah Erikson
wjerikson at hampshire.edu
Wed Jan 30 21:14:57 CET 2008
You could, as an account with sudo privs (administrator), from Terminal,
type:
sudo chown nobody /opt/local/etc/raddb/certs/server.pem
or
sudo chown -R nobody /opt/local/etc/raddb
to change the ownership of that entire directory to nobody.
HOWEVER:
Nobody is not a secure system account. I would set up a new account for
freeradius and have the server run under that, and set permissions on
those files/folders for only that user. Letting the nobody user read
those files might not be a good idea.
-Josiah
Info wrote:
> Good afternoon,
>
> When setting user/group to "nobody" in radiusd.conf, I get some
> permissions problems with loading the certs and just wanted to know
> how to properly set them to avoid this:
>
> rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
> rlm_eap_tls: Error reading certificate file
> /opt/local/etc/raddb/certs/server.pem
> rlm_eap: Failed to initialize type tls
>
> Thanks for answering the, no doubt, simplest of questions !
>
> Jim
>
> P.S: The above output is from testing with radiusd -X
>
>
> ___________________________________________________
> James H. Graham II, Creative Director • *Spark Media Group*
> 6511 Allegheny Avenue • Takoma Park, MD 20912-4737
> Tel: 301.270.4810 • Fax: 301.270.4812 • www.sparkmediagroup.com
> <http://www.sparkmediagroup.com>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Wm. Josiah Erikson
Computing Support
School of Cognitive Science
Hampshire College
Amherst, MA 01002
(413) 559-6091
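
Added example, not part of the original message or of FreeRADIUS: a small check that a certificate or key file is owned by the account the server runs as and carries no group/other permission bits, which is the state the reply recommends. The function name check_private_file and the account name _freeradius are assumptions for illustration; the path is the one from the thread.

```shell
#!/bin/sh
# Added example: audit that a RADIUS cert/key file is private to one account.
# check_private_file FILE OWNER
#   returns 0 if FILE is owned by OWNER and has no group/other permission bits
#   returns 1 on an ownership or mode finding, 2 if FILE does not exist
check_private_file() {
    file=$1
    want_owner=$2
    if [ ! -e "$file" ]; then
        echo "MISSING: $file"
        return 2
    fi

    # POSIX "ls -ld": field 1 is the mode string, field 3 is the owner name.
    mode=$(ls -ld "$file" | awk '{print $1}')
    owner=$(ls -ld "$file" | awk '{print $3}')
    rc=0

    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $file is owned by $owner, expected $want_owner"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # a trailing "+" or "@" (ACL / extended attributes) is ignored by the cut.
    go_bits=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "MODE: $file is $mode, group/other access is still granted"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file ($mode, $owner)"
    fi
    return "$rc"
}

# Run as: sh check.sh /opt/local/etc/raddb/certs/server.pem _freeradius
# (_freeradius is a hypothetical dedicated account name.)
if [ -n "${1:-}" ]; then
    check_private_file "$1" "${2:-_freeradius}"
fi
```

Run it with sudo if the raddb directory itself is not readable by your own account.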