8.3 Protecting the Configuration Files

Because the radiusd.conf, proxy.conf, and clients.conf configuration files contain passwords in plain text, they must not be readable by anyone other than the FreeRADIUS administrator (root).

You need to protect the following configuration files in /usr/local/etc/raddb/:

  • clients

  • clients.conf

  • naspasswd

  • proxy.conf

  • radiusd.conf

  • realms

  • snmp.conf

  • users

You need to give read/write rights to the above files to root users only.

  1. Log in as root.

  2. Execute the following command for each of the files listed above:

    chmod go-rwx filename