Shouldn't fail when keys aren't owned by root #1142
Comments
Given that this issue hasn't gotten any traction, may I suggest a (Linux only, sorry) workaround for those who find this issue like me: use an idmapped bind mount to someplace where smtpd can pick it up. Example (I am using
Where 500 is the uid/gid of my system's |
These output as warnings like `warn: /path/to/key: not owned by uid 0`, but then result in a hard error, preventing the keys from being loaded whenever they aren't owned by UID 0 (root). This is especially weird because it happens for the public key files as well, which don't have to have any particularly strict permissions since they're public keys, and the program verifies that they match the private keys anyway.

I personally have an ACME client running under the user `acme`, and thus all the certificate files are owned by `acme` with group `smtpd`. I really don't think this is an error, especially considering how the `smtpd` process switches down to the `smtpd` user after it loads everything. I would personally run it as that user to begin with if it weren't required by the daemon.

I would just make a change that removes the `goto fail` but I figure that there's a reason for this change that I'm maybe not understanding, which is why I'm filing an issue instead.
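The trade-off raised in this issue, as an added example that is not part of the original report and is not smtpd's code: the uid-0-only rule next to one possible relaxed policy, both applied to constructed file metadata. The function names, the trusted-uid parameter, the uid 1001 and the mode bits are assumptions for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical names; none of this is taken from the smtpd source. */
enum key_kind { KEY_PUBLIC, KEY_PRIVATE };

/* The rule the issue describes: anything not owned by uid 0 is rejected. */
static int strict_check(const struct stat *st)
{
    return st->st_uid == 0;
}

/* Assumed alternative: owner is root or one trusted uid, only the owner
 * can write, and a private key is not accessible to "other". */
static int relaxed_check(const struct stat *st, enum key_kind kind, uid_t trusted)
{
    if (!S_ISREG(st->st_mode))
        return 0;
    if (st->st_uid != 0 && st->st_uid != trusted)
        return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    if (kind == KEY_PRIVATE && (st->st_mode & S_IRWXO))
        return 0;
    return 1;
}

/* Constructed metadata standing in for a stat(2) result. */
static struct stat sample_stat(uid_t uid, mode_t perms)
{
    struct stat st = {0};
    st.st_uid = uid;
    st.st_mode = S_IFREG | perms;
    return st;
}

int main(void)
{
    const uid_t acme = 1001;                    /* constructed uid */
    struct stat key = sample_stat(acme, 0640);  /* acme:smtpd private key */
    struct stat crt = sample_stat(acme, 0644);  /* acme:smtpd certificate */

    printf("strict:  key=%d crt=%d\n", strict_check(&key), strict_check(&crt));
    printf("relaxed: key=%d crt=%d\n",
        relaxed_check(&key, KEY_PRIVATE, acme), relaxed_check(&crt, KEY_PUBLIC, acme));
    return 0;
}
```

Under the relaxed policy the private key still fails if it is group- or world-writable, world-accessible, or owned by any uid other than root and the one trusted account.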