Security issues with 1.1.3 flatfile

James J J Hooper jjj.hooper at bristol.ac.uk
Mon Aug 1 23:40:56 CEST 2011


On 01/08/2011 22:08, d.tom.schmitt at L-3com.com wrote:
> Currently running 1.1.3 on CentOS 5.x.

Upgrade

> I am currently using the flat file option and it works just fine as long
> as the permissions on the file are:
>
> 664 RW-RW-R--
>
> Record in the file looks like:
>
> Tom <tab> Auth-Type := Local, User-Password := "tompass"
>
> This allows everyone to read the file – not good security.
>
> If I change the permissions to 660 RW-RW---- then freeRADIUS will not restart.

Who owns the file? Which user does FR run as?

If FR runs as 'radiusd' and the file is owned by root:root, then it's not 
surprising that FR can't read the file unless it is chmod o+r.

[upgrade and] fix the permissions and it will work.

-James
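
The ownership point in the reply above, as an added example (not part of the original message and not FreeRADIUS code): a POSIX shell check of which permission class applies to a non-root service account and whether it grants read. The uid/gid 95 for the daemon account and the helper names are assumptions for illustration; `check_file` relies on GNU `stat`.

```shell
#!/bin/sh
# Added example. Unix checks exactly one class per access: owner if the uid
# matches, else group if any of the user's gids matches, else other.
# Assumes a non-root service account (root bypasses these mode bits).

# class_for FILE_UID FILE_GID USER_UID "USER_GIDS" -> prints owner|group|other
class_for() {
    fuid=$1 fgid=$2 uid=$3 gids=$4
    if [ "$uid" = "$fuid" ]; then echo owner; return; fi
    for g in $gids; do
        if [ "$g" = "$fgid" ]; then echo group; return; fi
    done
    echo other
}

# can_read MODE FILE_UID FILE_GID USER_UID "USER_GIDS"
# Returns 0 when the applicable class has its read bit set in octal MODE.
can_read() {
    mode=$1
    case $(class_for "$2" "$3" "$4" "$5") in
        owner) bit=$(( 0$mode >> 6 & 4 )) ;;
        group) bit=$(( 0$mode >> 3 & 4 )) ;;
        *)     bit=$(( 0$mode & 4 )) ;;
    esac
    [ "$bit" -ne 0 ]
}

# check_file PATH USER: the same check against a real file and account.
check_file() {
    set -- "$1" "$2" $(stat -c '%a %u %g' "$1")
    can_read "$3" "$4" "$5" "$(id -u "$2")" "$(id -G "$2")"
}

# Constructed cases: daemon uid/gid 95 (assumed), file owner:group as labelled.
for c in "664 0 0 root:root" "660 0 0 root:root" "640 0 95 root:daemon-group"; do
    set -- $c
    if can_read "$1" "$2" "$3" 95 "95"; then r="readable"; else r="NOT readable"; fi
    echo "mode $1 $4 -> $r by uid 95"
done
```

The third case shows the arrangement that keeps the file closed to other users while the daemon can still read it: group ownership given to the daemon's group (its name is site-specific) with mode 640.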






