tarvid <[EMAIL PROTECTED]> wrote: > I wound up running freeradius as root to get around permissions on > /etc/shadow. I'd appreciate suggestions on how to make that more secure.
Make a 'shadow' group, and don't put anyone in it. Make /etc/shadow group shadow (chgrp), and chmod g+r. Verify that the rest of your system still works... make FreeRADIUS user 'nobody', group 'shadow' Start FreeRADIUS as root, and it will switch to nobody/shadow, which is about as secure as you can make it. You'll probably have to fix the permissions of FreeRADIUS's config files/directories, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
