On Thu 08 Feb 2007 13:58, Alan DeKok wrote: > tzieleniewski wrote: > > Hi! > > > > I have just compiled the latest CVS and whenever I try to start radius I > > get the following info: Configuration file > > /home/radius/freeradius/raddb/radiusd.conf is globally readable. > > > > This is because I use the symbolic links to files. Can this restriction > > be somehow removed?? > > Edit the source code. > > I will likely be updating the checks to be a little smarter than what > they are right now. But having the config files globally readable means > that anyone can pretend to be the RADIUS server.
I have to say that this caught me out also when I upgraded one of my radius servers yesterday. My spec files had radiusd.conf as world readable, but clients.conf and sql.conf etc (everything with passwords in them) as only radiusd group readable. Next time you make a change like this can you give a heads up to packagers? :-) It still might be worth notifying the debian guys etc... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpuC9TRbhU7D.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html