On Fri 09 Feb 2007 12:25, Alan DeKok wrote: > Peter Nixon wrote: > > I have to say that this caught me out also when I upgraded one of my > > radius servers yesterday. My spec files had radiusd.conf as world > > readable, but clients.conf and sql.conf etc (everything with passwords > > in them) as only radiusd group readable. > > > > Next time you make a change like this can you give a heads up to > > packagers? :-) > > OK. In somewhat of a defense, there's no official release based on > that code yet. > > I'm going to update the checks to make them a little less restrictive. > ${raddb} should be o-rwx. Any files within ${raddb} can have any > permission they want. > > Sound OK?
0750 for the dirs and 0640 for the files is a pretty reasonable set of permissions in my opinion... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgp2zxwzGUcOH.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html