-
Notifications
You must be signed in to change notification settings - Fork 371
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature :: Add ability to specify ownership and umask on created files #380
Comments
ad 1) These should be able to be configured seperately? ie specify ownership/umask for certs and keys seperately. ad 2) The reason why it is need would be interesting? The domain dir should be only used by getssl and certs should be copied out from it with the location variables. |
We ran into this issue last night too. slapd failed to restart as the permissions on the key file were wrong. The correct permissions for slapd in our case are ownership root:ssl-cert and umask 0640. What is needed in order for the issue to be resolved? |
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days. |
The default, extremely restrictive umask works for many circumstances, but some situations (ie. Debian's exim) cannot work with this - in this example the process reading the key & cert files is not root.
To make this possible the admin has only one choice right now - manually fix the permissions. This cannot be the final solution, as subsequent cert refreshes may cancel these changes and leave the system in a broken state.
The request, therefore, is as follows:
DOMAIN_CHAIN_LOCATION
DOMAIN_KEY_LOCATION
DOMAIN_DIR
The text was updated successfully, but these errors were encountered: