Bug 114162 - permissions on ../../conf/config.php are wrong for freeradius-dialupadmin
Summary: permissions on ../../conf/config.php are wrong for freeradius-dialupadmin
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Dialup Developers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-01 09:48 UTC by joram agten
Modified: 2005-12-10 01:45 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description joram agten 2005-12-01 09:48:39 UTC
when installing freeradius-dialupadmin (it installs with the webapps application)
the bin, conf and inc directories reside in /var/www/localhost/conf
but there is no access to this directory from the apache server, only
/var/www/localhost/htdocs has an access level

Reproducible: Always
Steps to Reproduce:
1. install postgresql, apache, freeradius, mod_php, freeradius-dialupadmin
2. configure freeradius-dialupadmin config.php file
(/var/www/localhost/conf/config.php)
3. browse to http://localhost/freeradius-dialupadmin


Actual Results:  
in the left column you get some errors
when clicking on find user for example you get the following

Warning: main(../../conf/config.php): failed to open stream: Permission denied
in /var/www/localhost/htdocs/freeradius-dialupadmin/find.php on line 2

Fatal error: main(): Failed opening required '../../conf/config.php'
(include_path='.:/usr/lib/php') in
/var/www/localhost/htdocs/freeradius-dialupadmin/find.php

Expected Results:  
maybe it would be better if the whole freeradius-dialupadmin stuff went 1
directory level deeper
/var/www/localhost/htdocs/freeradius-dialupadmin/conf + bin + inc + htdocs
and some .htaccess files in the directories that should never be accessed

one should browse to http://localhost/freeradius-dialupadmin/htdocs then
or there could even be an alias in the httpd.conf file
"alias dialupadmin freeradius-dialupadmin/htdocs"
Comment 1 Alin Năstac (RETIRED) gentoo-dev 2005-12-10 01:45:36 UTC
you should set the right owner/group on config files through VHOST_CONFIG_UID or
VHOST_CONFIG_GID (see /etc/vhosts/webapp-config).
those files contain sensitive security information, which shouldn't be world
readable.
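
Added example (not part of the original bug report or of webapp-config): a shell check that separates the two conditions discussed in this bug, a config file the web server user cannot read (the reported "Permission denied") and a config file that is world readable (what Comment 1 warns against). It assumes GNU stat; the function names and the "apache" user name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (coreutils); "apache" below is an assumed user name.

# True when an octal permission digit includes the read bit.
has_read() { case $1 in [4-7]) return 0 ;; *) return 1 ;; esac; }

# classify_perms MODE OWNER_UID GROUP_GID USER_UID "USER_GIDS"
# Prints: world-readable | unreadable | ok
classify_perms() {
    perm="000$1"; f_owner=$2; f_group=$3; u_id=$4; u_gids=$5
    while [ "${#perm}" -gt 3 ]; do perm=${perm#?}; done  # keep the rwx digits only
    u=${perm%??}; o=${perm#??}; g=${perm#?}; g=${g%?}
    if has_read "$o"; then echo world-readable; return 0; fi
    if [ "$u_id" -eq 0 ]; then echo ok; return 0; fi      # root bypasses mode bits
    if [ "$u_id" -eq "$f_owner" ]; then
        # the owner class applies alone, even if the group bits would allow more
        if has_read "$u"; then echo ok; else echo unreadable; fi
        return 0
    fi
    case " $u_gids " in
        *" $f_group "*) if has_read "$g"; then echo ok; else echo unreadable; fi ;;
        *) echo unreadable ;;
    esac
}

# check_conf_perms FILE USER: classify FILE as seen by USER; returns 2 on lookup errors.
check_conf_perms() {
    info=$(stat -c '%a %u %g' -- "$1") || return 2
    want_uid=$(id -u "$2") || return 2
    want_gids=$(id -G "$2") || return 2
    set -- $info
    classify_perms "$1" "$2" "$3" "$want_uid" "$want_gids"
}
# Usage: check_conf_perms /var/www/localhost/conf/config.php apache
```

The check covers the file's mode bits only; the web server user also needs search (x) permission on every parent directory, and ACLs are not considered.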