Security issues with 1.1.3 flatfile
James J J Hooper
jjj.hooper at bristol.ac.uk
Mon Aug 1 23:40:56 CEST 2011
On 01/08/2011 22:08, d.tom.schmitt at L-3com.com wrote:
> Currently running 1.1.3 on CentOS 5.x.
Upgrade
> I am currently using the flat file option and it works just fine as long
> as the permissions on the file are:
>
> 664 RW-RW-R--
>
> Record in the file looks like:
>
> Tom <tab> Auth-Type := Local, User-Password := "tompass"
>
> This allows everyone to read the file – not good security.
>
> If I change the permissions to 660 RW-RW---- then freeRADIUS will not restart.
Who owns the file? Which user does FR run as?
If FR runs as 'radiusd' and the file is owned by root:root, then it's not
surprising that FR can't read the file unless it is chmod o+r.
[upgrade and] fix the permissions and it will work.
-James
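The ownership question raised in the reply above, worked through as an added example (not part of the original thread and not FreeRADIUS code): a model of the Unix owner/group/other read check applied to the modes from the thread. The daemon user `radiusd` comes from the reply; the `root:radiusd` ownership with mode 640 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: why 660 root:root locks the daemon out, and how to keep
# the users file private without making it world-readable.

# can_read MODE OWNER GROUP USER "USER_GROUPS"
# Exactly one permission class applies: owner, else group, else other.
can_read() {
    mode=$(( 0$1 )); owner=$2; group=$3; user=$4; ugroups=$5
    [ "$user" = root ] && return 0            # root bypasses the mode bits
    if [ "$user" = "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))           # owner class
    else
        case " $ugroups " in
            *" $group "*) bits=$(( (mode >> 3) & 7 )) ;;   # group class
            *)            bits=$(( mode & 7 )) ;;          # other class
        esac
    fi
    [ $(( bits & 4 )) -ne 0 ]
}

# world_readable MODE: true if the "other" read bit is set
world_readable() {
    [ $(( 0$1 & 4 )) -ne 0 ]
}

# audit_file PATH DAEMON_USER: same checks against a real file.
# Uses GNU stat (as shipped on CentOS). Returns 0 only if the daemon
# can read the file and the file is not world-readable.
audit_file() {
    info=$(stat -c '%a %U %G' "$1") || return 2
    set -- $info "$2" "$(id -Gn "$2")"        # mode owner group user groups
    can_read "$1" "$2" "$3" "$4" "$5" || { echo "$4 cannot read the file"; return 1; }
    world_readable "$1" && { echo "file is world-readable"; return 1; }
    echo "ok: mode $1, owner $2:$3"
}

# Cases from the thread, assuming the daemon runs as radiusd:
#   664 root:root     readable, but only through the world-read bit
#   660 root:root     not readable by radiusd, so the server fails to start
#   640 root:radiusd  readable through the group, not world-readable
```

Run `audit_file` as root with the path to the users file and the account the server actually runs as.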