The patch in the downstream Debian package to run radclient with

author nbk <nbk>

Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)

committer nbk <nbk>

Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)
author nbk <nbk>
Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)
committer nbk <nbk>
Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)
diff --git a/debian/freeradius.postinst b/debian/freeradius.postinst

index 6c21475..f0fab3b 100755 (executable)
--- a/debian/freeradius.postinst
+++ b/debian/freeradius.postinst
@@ -35,15 +35,15 @@ case "$1" in
  
         chown -R freerad:freerad /var/log/freeradius
         chown -R freerad:freerad /var/run/freeradius
-       find /etc/freeradius -type f -exec chgrp freerad {} \; -exec chmod 640 {} \;
-       find /etc/freeradius -type d -exec chgrp freerad {} \; -exec chmod 2750 {} \;
+       chgrp -R freerad /etc/freeradius
+
+       # Leave the file /etc/freeradius/dictionary with the default
+       # permissions: it should not contain secrets, and this allows
+       # to run radclient with a non-privileged user.
+       find /etc/freeradius -type d -exec chmod 2751 {} \;
+       find /etc/freeradius -type f \! -name dictionary -exec chmod 640 {} \;
  
-       # Relax permissions on local dictionary - allows radclient to run
-       # and should not contain secrets.  At any rate, only do it on fresh
-       # install
         if [ -z "$2" ]; then
-               chmod 0644 /etc/freeradius/dictionary
-               chmod 0751 /etc/freeradius/
                 action="start"
         else
                 action="restart"
author	nbk <nbk>
	Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)
committer	nbk <nbk>
	Fri, 18 Aug 2006 11:58:04 +0000 (11:58 +0000)