You could, as an account with sudo privs (administrator), from Terminal,
type:
sudo chown nobody /opt/local/etc/raddb/certs/server.pem
or
sudo chown -R nobody /opt/local/etc/raddb
to change the ownership of that entire directory to nobody.
HOWEVER:
Nobody is not a secure system account. I would set up a new account for
freeradius and have the server run under that, and set permissions on
those files/folders for only that user. Letting the nobody user read
those files might not be a good idea.
-Josiah
Info wrote:
Good afternoon,
When setting user/group to "nobody" in radiusd.conf, I get some
permissions problems with loading the certs and just wanted to know
how to properly set them to avoid this:
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file
/opt/local/etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
Thanks for answering the, no doubt, simplest of questions !
Jim
P.S: The above output is from testing with radiusd -X
___________________________________________________
James H. Graham II, Creative Director • *Spark Media Group*
6511 Allegheny Avenue • Takoma Park, MD 20912-4737
Tel: 301.270.4810 • Fax: 301.270.4812 • www.sparkmediagroup.com
<http://www.sparkmediagroup.com>
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Wm. Josiah Erikson
Computing Support
School of Cognitive Science
Hampshire College
Amherst, MA 01002
(413) 559-6091
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
