Peter Nixon wrote: > I have to say that this caught me out also when I upgraded one of my radius > servers yesterday. My spec files had radiusd.conf as world readable, but > clients.conf and sql.conf etc (everything with passwords in them) as only > radiusd group readable. > > Next time you make a change like this can you give a heads up to > packagers? :-)
OK. In somewhat of a defense, there's no official release based on that code yet. I'm going to update the checks to make them a little less restrictive. ${raddb} should be o-rwx. Any files within ${raddb} can have any permission they want. Sound OK? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html