Kristof is absolutely correct.
Our admins at Diamond have been puzzled by the 777 permissions too... I guess if only TIDS (running as user 'radius' or 'freerad' depending on platform) and FreeRADIUS itself are accessing it, then the permissions can be 600, not 777.
And, as Kristof pointed out to me in Utrecht, in Ubuntu and others, /var/tmp could be sanitised regularly, effectively wiping the file from the map. But since this is something specified in the psksql module, you could effectively put it anywhere.
Stefan
-----Original Message-----
From: Moonshot community list [mailto:[log in to unmask]] On Behalf Of Kristof Bajnok
Sent: 26 June 2014 15:13
To: [log in to unmask]
Subject: Re: psk_keys
On 2014-06-26 14:48, Alan Buxey wrote:
> right now, the psk_keys are stored in sqlite3 file in /var/tmp/keys
>
> whilst these are temporal keys (and with future version of code the
> keys will be re-requested and got via TR etc etc) there is an issue
> with the actual DB being in a temporary location that might be cleared
> out (which means having to re-create the DB!)... as discussed at the
> recent Utrecht training event.
>
> so... can we agree on the location of this file? if it's PURELY for
> moonshot then /etc/moonshot/ seems to be a nice place.... if it's
> something that's more generic (eg used by freeradius for other things)
> then /etc/freeradius/ seems to be the place
If it's variable data, then it fits /var/lib/something better, don't you think?
Also the file mode needs to be revised, as the current wiki recommendation of 'chmod 777' is a bit weird.
Kristof
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
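
The checks raised in this thread (file mode, owning service account, and a location that tmp cleaners may purge), written out as an added example that is not part of the original messages or of the Moonshot code. It assumes GNU `stat`; the function names and finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PSK key database file.
# Assumes GNU coreutils `stat -c`; path and account name are arguments.

# Return 0 if the path sits under a directory that tmp cleaners commonly purge.
# Plain string match on the path as given; symlinks are not resolved.
in_purged_tmp() {
    case $1 in
        /tmp/*|/var/tmp/*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_psk_db FILE OWNER
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_psk_db() {
    db=$1 want_owner=$2 rc=0
    if in_purged_tmp "$db"; then
        echo "LOCATION: $db is under a tmp directory that may be cleaned"
        rc=1
    fi
    if [ ! -f "$db" ]; then
        echo "MISSING: $db not found"
        return 1
    fi
    mode=$(stat -c '%a' "$db")    # octal mode, e.g. 777 or 600
    owner=$(stat -c '%U' "$db")   # owning user name
    # Any group or other bit lets accounts besides the service user reach the keys.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE: $db is $mode, expected 600"
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: $db is owned by $owner, expected $want_owner"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /var/tmp/keys freerad
[ "$#" -eq 0 ] || audit_psk_db "$1" "${2:-radius}"
```
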