On Fri 09 Feb 2007 12:25, Alan DeKok wrote:
> Peter Nixon wrote:
> > I have to say that this caught me out also when I upgraded one of my
> > radius servers yesterday. My spec files had radiusd.conf as world
> > readable, but clients.conf and sql.conf etc (everything with passwords
> > in them) as only radiusd group readable.
> >
> > Next time you make a change like this can you give a heads up to
> > packagers? :-)
>
> OK. In somewhat of a defense, there's no official release based on
> that code yet.
>
> I'm going to update the checks to make them a little less restrictive.
> ${raddb} should be o-rwx. Any files within ${raddb} can have any
> permission they want.
>
> Sound OK?0750 for the dirs and 0640 for the files is a pretty reasonable set of permissions in my opinion... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgp2zxwzGUcOH.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
