Should not change permissions for SSL certificates #1324
Labels
Milestone
Comments
|
CUPS.org User: mike OK, I can agree with this change if it only applied when the ServerKey and ServerCertificate are not under the ServerRoot (/etc/cups) directory, similar to how we treat the TempDir directive. Does that sound reasonable? |
|
CUPS.org User: twaugh.redhat Sounds reasonable to me, yes. If the key is a link, the admin can use a symlink instead to avoid permissions changing where not expected. |
|
CUPS.org User: mike Fixed in Subversion repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version: 1.1.23
CUPS.org User: twaugh.redhat
(Red Hat Bugzilla bug #171163)
The SSL certificate specified by ServerCertificate, and key specified by ServerKey, should not have their permissions or ownership modified.
Firstly, the SSL certificate might need to be world-readable in some environments. Secondly, the SSL key might be shared with other services, such as LDAP or HTTP servers, which will also need to read the contents.
The text was updated successfully, but these errors were encountered: