Protecting the Configuration Files

Because the radiusd.conf, proxy.conf, and clients.conf configuration files contain passwords in plain text, they must not be readable by anyone other than the FreeRADIUS administrator ('root'). These are protected by file system rights.

You need to protect the following configuration files in /usr/local/etc/raddb/

• clients
• clients.conf
• naspasswd
• proxy.conf
• radiusd.conf
• realms
• snmp.conf
• users

You need to give read/write rights to the above files to 'root' users only. To give these rights, do the following:

1. Log in as 'root'.

2. Execute the following command for each of the files mentioned above:

   chmod go-rwx filename